Golden Cup
Golden Cup is Android spyware that has been used to target World Cup fans.[1]
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Mobile | T1437 | .001 | Application Layer Protocol: Web Protocols |
Golden Cup has communicated with the C2 using MQTT and HTTP.[1] |
| Mobile | T1532 | Archive Collected Data |
Golden Cup has encrypted exfiltrated data using AES in ECB mode.[1] |
|
| Mobile | T1429 | Audio Capture |
Golden Cup can record audio from the microphone and phone calls.[1] |
|
| Mobile | T1533 | Data from Local System |
Golden Cup can collect images, videos, and attacker-specified files.[1] |
|
| Mobile | T1407 | Download New Code at Runtime |
Golden Cup has been distributed in two stages.[1] |
|
| Mobile | T1420 | File and Directory Discovery |
Golden Cup can collect a directory listing of external storage.[1] |
|
| Mobile | T1430 | Location Tracking |
Golden Cup can track the device’s location.[1] |
|
| Mobile | T1636 | .003 | Protected User Data: Contact List |
Golden Cup can collect the device’s contact list.[1] |
| .004 | Protected User Data: SMS Messages |
Golden Cup can collect sent and received SMS messages.[1] |
||
| Mobile | T1418 | Software Discovery |
Golden Cup can obtain a list of installed applications.[1] |
|
| Mobile | T1426 | System Information Discovery |
Golden Cup can collect various pieces of device information, such as serial number and product information.[1] |
|
| Mobile | T1422 | System Network Configuration Discovery |
Golden Cup can collect the device’s phone number and IMSI.[1] |
|
| Mobile | T1512 | Video Capture |
Golden Cup can take pictures with the camera.[1] |
|