Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)

Corona Updates is Android spyware that took advantage of the Coronavirus pandemic. The campaign distributing this spyware is tracked as Project Spy. Multiple variants of this spyware have been discovered to have been hosted on the Google Play Store.(Citation: TrendMicro Coronavirus Updates)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6)	Attack Pattern	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	1
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80)	Attack Pattern	Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	1
Corona Updates - S0425 (366c800f-97a8-48d5-b0a6-79d00198252a)	Malware	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	2
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d)	Attack Pattern	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	2
Exfiltration Over Alternative Protocol - T1639 (3e091a89-a493-4a6c-8e88-d57be19bb98d)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120)	Attack Pattern	2
Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80)	Attack Pattern	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	2