JUST RELEASED: ATT&CK for Industrial Control Systems


Tangelo is iOS malware that is believed to be from the same developers as the Stealth Mango Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. [1]

ID: S0329
Platforms: iOS
Version: 1.2
Created: 17 October 2018
Last Modified: 10 October 2019

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log

Tangelo contains functionality to gather call logs.[1]

Mobile T1409 Access Stored Application Data

Tangelo accesses databases from WhatsApp, Viber, Skype, and Line.[1]

Mobile T1429 Capture Audio

Tangelo contains functionality to record calls as well as the victim device's environment.[1]

Mobile T1412 Capture SMS Messages

Tangelo contains functionality to gather SMS messages.[1]

Mobile T1533 Data from Local System

Tangelo accesses browser history, pictures, and videos.[1]

Mobile T1430 Location Tracking

Tangelo contains functionality to gather GPS coordinates.[1]

Mobile T1422 System Network Configuration Discovery

Tangelo contains functionality to gather cellular IDs.[1]