Skip to content

Hide Navigation Hide TOC

Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424)

Riltok is banking malware that uses phishing popups to collect user credentials.(Citation: Kaspersky Riltok June 2019)

Cluster A Galaxy A Cluster B Galaxy B Level
Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern 1
Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 1
Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 1
Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) Attack Pattern Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware 1
Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 1
Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 1
Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 1
Riltok - S0403 (c0efbaae-9e7d-4716-a92d-68373aac7424) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2