Skip to content

Hide Navigation Hide TOC

BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4)

BusyGasper is Android spyware that has been in use since May 2016. There have been less than 10 victims, all who appear to be located in Russia, that were all infected via physical access to the device.(Citation: SecureList BusyGasper)

Cluster A Galaxy A Cluster B Galaxy B Level
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) Attack Pattern 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern 1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) Malware Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern 1
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern 2
Exfiltration Over Alternative Protocol - T1639 (3e091a89-a493-4a6c-8e88-d57be19bb98d) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) Attack Pattern 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern 2
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern 2
Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380) Attack Pattern Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2