1. Home
  2. Groups
  3. Bouncing Golf

Bouncing Golf

Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.[1]

ID: G0097
Version: 1.0
Created: 27 January 2020
Last Modified: 25 April 2025
Version Permalink
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1655 .001 Masquerading: Match Legitimate Name or Location

Bouncing Golf distributed malware as repackaged legitimate applications, with the malicious code in the com.golf package.[1]

Software

ID Name References Techniques
S0421 GolfSpy [1] Archive Collected Data, Audio Capture, Clipboard Data, Data from Local System, Event Triggered Execution: Broadcast Receivers, Exfiltration Over C2 Channel, Indicator Removal on Host: File Deletion, Location Tracking, Obfuscated Files or Information, Process Discovery, Protected User Data: SMS Messages, Protected User Data: Contact List, Protected User Data: Call Log, Screen Capture, Software Discovery, System Information Discovery, Video Capture

References

  1. E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.