
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4)

BusyGasper is Android spyware that has been in use since May 2016. There have been fewer than 10 victims, all of whom appear to be located in Russia and all of whom were infected via physical access to the device.(Citation: SecureList BusyGasper)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) | Attack Pattern | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) | Attack Pattern | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) | Attack Pattern | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | 1 |
| BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 1 |
| User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1 |
| Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | 2 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | 2 |
| Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380) | Attack Pattern | Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) | Attack Pattern | 2 |
| Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 2 |
| User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) | Attack Pattern | Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | 2 |
| Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) | Attack Pattern | Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) | Attack Pattern | 2 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) | Attack Pattern | Exfiltration Over Alternative Protocol - T1639 (3e091a89-a493-4a6c-8e88-d57be19bb98d) | Attack Pattern | 2 |