Skip to content

Hide Navigation Hide TOC

Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8)

Chrysaor is spyware believed to be created by NSO Group Technologies, specializing in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS and analyzed by Citizen Lab and Lookout.

Cluster A Galaxy A Cluster B Galaxy B Level
Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) Tool Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 1
Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) Tool Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) Malpedia 1
Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) Tool Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 1
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
System Network Connections Discovery - T1421 (dd818ea5-adf5-41c7-93b5-f3b839a219fb) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern 2
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b) Attack Pattern 2
Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) Attack Pattern 2
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware 2
Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) Malware Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) Malpedia 2
Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) Malpedia Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) Malware 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 3
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 3
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 3
Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) Attack Pattern Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14) Attack Pattern 3
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) Attack Pattern 3
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) Attack Pattern 3
Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) Attack Pattern System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 3