Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8)

Chrysaor is spyware believed to have been created by NSO Group Technologies, which specializes in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS and analyzed by Citizen Lab and Lookout.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) | Tool | 1 |
| Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) | Tool | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 1 |
| Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) | Tool | Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) | Malpedia | 1 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) | Malpedia | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) | Attack Pattern | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) | Attack Pattern | 2 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) | Malpedia | 2 |
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | System Network Connections Discovery - T1421 (dd818ea5-adf5-41c7-93b5-f3b839a219fb) | Attack Pattern | 2 |
| Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) | Attack Pattern | 2 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | 3 |
| Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14) | Attack Pattern | Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) | Attack Pattern | 3 |
| Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) | Attack Pattern | Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | 3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 3 |
| System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) | Attack Pattern | 3 |
| System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) | Attack Pattern | 3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 3 |