Skip to content

Hide Navigation Hide TOC

BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4)

BusyGasper is Android spyware that has been in use since May 2016. There have been less than 10 victims, all who appear to be located in Russia, that were all infected via physical access to the device.(Citation: SecureList BusyGasper)

Cluster A Galaxy A Cluster B Galaxy B Level
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern 2
Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) Attack Pattern Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 2
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Exfiltration Over Alternative Protocol - T1639 (3e091a89-a493-4a6c-8e88-d57be19bb98d) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) Attack Pattern 2