Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8)

Chrysaor is spyware believed to have been created by NSO Group Technologies, a company that specializes in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS and analyzed by Citizen Lab and Lookout.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) | Tool | 1 |
| Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) | Malpedia | Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) | Tool | 1 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Chrysaor (9d7c772b-43f1-49cf-bc70-7a7cd2ed34c8) | Tool | 1 |
| Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | System Network Connections Discovery - T1421 (dd818ea5-adf5-41c7-93b5-f3b839a219fb) | Attack Pattern | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) | Attack Pattern | 2 |
| Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) | Attack Pattern | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe) | Attack Pattern | 2 |
| Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) | Malpedia | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | 2 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57) | Attack Pattern | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Pegasus for iOS - S0289 (33d9d91d-aad9-49d5-a516-220ce101ac8a) | Malware | Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | 2 |
| Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) | Attack Pattern | 2 |
| Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) | Attack Pattern | 2 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Chrysaor (52acea22-7d88-433c-99e6-8fef1657e3ad) | Malpedia | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 2 |
| Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) | Attack Pattern | Pegasus for Android - S0316 (93799a9d-3537-43d8-b6f4-17215de1657c) | Malware | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 3 |
| Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d) | Attack Pattern | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 3 |
| Wi-Fi Discovery - T1422.002 (be63612f-a48f-44f2-a7a6-1763509fcf80) | Attack Pattern | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 3 |
| Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) | Attack Pattern | Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14) | Attack Pattern | 3 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) | Attack Pattern | 3 |