Bouncing Golf

Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.[1]

ID: G0097
Version: 1.0
Created: 27 January 2020
Last Modified: 26 March 2020

Techniques Used

Domain ID Name Use
Mobile T1476 Deliver Malicious App via Other Means

Bouncing Golf delivered GolfSpy via a hosted application binary advertised on social media.[1]

Mobile T1444 Masquerade as Legitimate Application

Bouncing Golf distributed malware as repackaged legitimate applications, with the malicious code in the com.golf package.[1]

Software

ID Name References Techniques
S0421 GolfSpy

[1]

Access Call Log, Access Contact List, Application Discovery, Broadcast Receivers, Capture Audio, Capture Camera, Capture Clipboard Data, Capture SMS Messages, Data Encrypted, Data from Local System, Delete Device Data, Deliver Malicious App via Other Means, Location Tracking, Obfuscated Files or Information, Process Discovery, Screen Capture, Standard Application Layer Protocol, System Information Discovery

References