APT-C-23

APT-C-23 is a threat group that has been active since at least 2014.[1] APT-C-23 has primarily focused its operations on the Middle East, including Israeli military assets. APT-C-23 has developed mobile spyware targeting Android and iOS devices since 2017.[2]

ID: G1028
Associated Groups: Mantis, Arid Viper, Desert Falcon, TAG-63, Grey Karkadann, Big Bang APT, Two-tailed Scorpion
Contributors: Sittikorn Sangrattanapitak
Version: 1.0
Created: 26 March 2024
Last Modified: 17 November 2024

Associated Group Descriptions

Name | Description
Mantis | [1][3]
Arid Viper | [2][3][4]
Desert Falcon | [2][3][4]
Grey Karkadann | [3]
Big Bang APT | [5]
Two-tailed Scorpion | [2]


Techniques Used

Domain | ID | Name | Use
Mobile | T1655.001 | Masquerading: Match Legitimate Name or Location | APT-C-23 has masqueraded malware as legitimate applications.[2][6][7]
Mobile | T1660 | Phishing | APT-C-23 sends malicious links to victims to download the masqueraded application.[7][6]
Mobile | T1422 | System Network Configuration Discovery | APT-C-23 can collect the victim's phone number, device information, IMSI, etc.[6]

Software

ID | Name | References | Techniques
S0505 | Desert Scorpion | | Archive Collected Data, Audio Capture, Data from Local System, Download New Code at Runtime, File and Directory Discovery, Hide Artifacts: Suppress Application Icon, Indicator Removal on Host: File Deletion, Location Tracking, Out of Band Data, Protected User Data: SMS Messages, Protected User Data: Contact List, SMS Control, Software Discovery, Stored Application Data, Subvert Trust Controls: Code Signing Policy Modification, System Information Discovery, Video Capture
S0577 | FrozenCell | | Archive Collected Data, Audio Capture, Data from Local System, Download New Code at Runtime, File and Directory Discovery, Location Tracking, Masquerading: Match Legitimate Name or Location, Protected User Data: SMS Messages, Stored Application Data, System Information Discovery, System Network Configuration Discovery
S0339 | Micropsia | | Application Layer Protocol: Web Protocols, Archive Collected Data: Archive via Utility, Audio Capture, Automated Collection, Boot or Logon Autostart Execution: Shortcut Modification, Command and Scripting Interpreter: Windows Command Shell, File and Directory Discovery, Hide Artifacts: Hidden Files and Directories, Ingress Tool Transfer, Input Capture: Keylogging, Obfuscated Files or Information: Encrypted/Encoded File, Screen Capture, Software Discovery: Security Software Discovery, System Information Discovery, System Owner/User Discovery, Windows Management Instrumentation
S1126 | Phenakite | [3][4] | Audio Capture, Data from Local System, Exploitation for Privilege Escalation, Ingress Tool Transfer, Input Capture, Masquerading: Match Legitimate Name or Location, Protected User Data: SMS Messages, Protected User Data: Contact List, System Information Discovery, Video Capture
S1195 | SpyC23 | [2][4][6][7] | Access Notifications, Application Layer Protocol: Web Protocols, Audio Capture, Call Control, Data from Local System, Event Triggered Execution: Broadcast Receivers, Hide Artifacts: User Evasion, Hide Artifacts: Suppress Application Icon, Impair Defenses: Disable or Modify Tools, Ingress Tool Transfer, Location Tracking, Masquerading: Match Legitimate Name or Location, Obfuscated Files or Information, Out of Band Data, Protected User Data: Contact List, Protected User Data: Call Log, Protected User Data: SMS Messages, Screen Capture, SMS Control, Video Capture, Virtualization/Sandbox Evasion

References
