
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4)

BusyGasper is Android spyware that has been in use since May 2016. It has had fewer than 10 victims, all of whom appear to be located in Russia and all of whom were infected via physical access to the device.(Citation: SecureList BusyGasper)

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | 1
BusyGasper - S0655 (e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4) | Malware | Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) | Attack Pattern | 1
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) | Attack Pattern | 2
Bidirectional Communication - T1481.002 (939808a7-121d-467a-b028-4441ee8b7cee) | Attack Pattern | Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380) | Attack Pattern | 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 2
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) | Attack Pattern | Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) | Attack Pattern | 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2
Exfiltration Over Alternative Protocol - T1639 (3e091a89-a493-4a6c-8e88-d57be19bb98d) | Attack Pattern | Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 (37047267-3e56-453c-833e-d92b68118120) | Attack Pattern | 2