Skip to content

Hide Navigation Hide TOC

Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878)

Pallas is mobile surveillanceware that was custom-developed by Dark Caracal.(Citation: Lookout Dark Caracal Jan 2018)

Cluster A Galaxy A Cluster B Galaxy B Level
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 1
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware System Network Connections Discovery - T1421 (dd818ea5-adf5-41c7-93b5-f3b839a219fb) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) Attack Pattern 1
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware 1
Pallas - S0399 (c41a8b7c-3e42-4eee-b87d-ad8a100ee878) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern 2