Bouncing Golf

Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.^[1]

ID: G0097

Version: 1.0

Created: 27 January 2020

Last Modified: 26 March 2020

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Mobile	T1476		Deliver Malicious App via Other Means	Bouncing Golf delivered GolfSpy via a hosted application binary advertised on social media.^[1]
Mobile	T1444		Masquerade as Legitimate Application	Bouncing Golf distributed malware as repackaged legitimate applications, with the malicious code in the `com.golf` package.^[1]

Software

ID	Name	References	Techniques
S0421	GolfSpy	^[1]	Access Call Log, Access Contact List, Application Discovery, Broadcast Receivers, Capture Audio, Capture Camera, Capture Clipboard Data, Capture SMS Messages, Data Encrypted, Data from Local System, Delete Device Data, Deliver Malicious App via Other Means, Location Tracking, Obfuscated Files or Information, Process Discovery, Screen Capture, Standard Application Layer Protocol, System Information Discovery

References

E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.