Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691)

Phenakite is mobile malware used by APT-C-23 to target iOS devices. According to several reports, Phenakite was developed to fill a tooling gap and to target those who owned iPhones instead of Windows desktops or Android phones.(Citation: sentinelone_israel_hamas_war)(Citation: fb_arid_viper)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | 1 |
| Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 1 |
| Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | 1 |
| Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 1 |
| Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) | Attack Pattern | Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | 1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | 1 |
| Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) | Attack Pattern | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | 1 |
| Phenakite - S1126 (f97e2718-af50-41df-811f-215ebab45691) | Malware | Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | 1 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |