Register to stream ATT&CKcon 2.0 October 29-30


Pallas is mobile surveillanceware that was custom-developed by Dark Caracal.[1]

ID: S0399
Platforms: Android
Version: 1.0

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log Pallas accesses and exfiltrates the call log. [1]
Mobile T1432 Access Contact List Pallas accesses the device contact list. [1]
Mobile T1409 Access Sensitive Data or Credentials in Files Pallas retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device. [1]
Mobile T1418 Application Discovery Pallas retrieves a list of all applications installed on the device. [1]
Mobile T1412 Capture SMS Messages Pallas captures and exfiltrates all SMS messages, including future messages as they are received. [1]
Mobile T1407 Download New Code at Runtime Pallas has the ability to download and install attacker-specified applications. [1]
Mobile T1430 Location Tracking Pallas tracks the latitude and longitude coordinates of the infected device. [1]
Mobile T1429 Microphone or Camera Recordings Pallas takes pictures with both the front and rear-facing cameras and also captures audio from the device microphone. [1]
Mobile T1437 Standard Application Layer Protocol Pallas exfiltrates data using HTTP. [1]
Mobile T1426 System Information Discovery Pallas queries the device for metadata, such as device ID, OS version, and the number of cameras. [1]
Mobile T1411 User Interface Spoofing Pallas uses phishing popups to harvest user credentials. [1]
Mobile T1447 Wipe Device Data Pallas has the ability to delete attacker-specified files from compromised devices. [1]

Groups That Use This Software

ID Name References
G0070 Dark Caracal [1]