ATT&CK v16 has been released! Check out the blog post for more information.

Concipit1248

Concipit1248 is iOS spyware that was discovered using the same name as the developer of the Android spyware Corona Updates. Further investigation revealed that the two pieces of software contained the same C2 URL and similar functionality.^[1]

ID: S0426

ⓘ

Associated Software: Corona Updates

ⓘ

Type: MALWARE

ⓘ

Platforms: iOS

Version: 1.0

Created: 24 April 2020

Last Modified: 30 April 2020

Version Permalink

Live Version

Associated Software Descriptions

Name	Description
Corona Updates	^[1]

Techniques Used

Domain	ID		Name	Use
Mobile	T1437	.001	Application Layer Protocol: Web Protocols	Concipit1248 communicates with the C2 server using HTTP requests.^[1]
Mobile	T1533		Data from Local System	Concipit1248 can collect device photos.^[1]
Mobile	T1512		Video Capture	Concipit1248 requests permissions to use the device camera.^[1]

References

T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.

Concipit1248

Associated Software Descriptions

Mobile Layer

Techniques Used

References