Skip to content

Hide Navigation Hide TOC

Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617)

Gustuff is mobile malware designed to steal users' banking and virtual currency credentials.(Citation: Talos Gustuff Apr 2019)

Cluster A Galaxy A Cluster B Galaxy B Level
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware 1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware 1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware 1
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) Attack Pattern 1
Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) Attack Pattern 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174) Attack Pattern 1
Gustuff - S0406 (ff8e0c38-be47-410f-a2d3-a3d24a87c617) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern 2
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) Attack Pattern 2
Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 2
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174) Attack Pattern Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 2