BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4)

BusyGasper is Android spyware that has been in use since May 2016. Fewer than 10 victims have been identified, all of whom appear to be located in Russia, and all of whom were infected via physical access to the device.(Citation: SecureList BusyGasper)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | 1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | 1 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 1 |
| Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | 1 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) | Attack Pattern | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | 1 |
| Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) | Attack Pattern | Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) | Attack Pattern | Exfiltration Over Alternative Protocol - T1639 (3e091a89-a493-4a6c-8e88-d57be19bb98d) | Attack Pattern | 2 |
| User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) | Attack Pattern | Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | 2 |
| Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 2 |
| Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) | Attack Pattern | Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380) | Attack Pattern | 2 |
| Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | 2 |