{"description": "Mobile techniques used by BusyGasper, ATT&CK software S0655 (v1.0)", "name": "BusyGasper (S0655)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1429", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can record audio.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1616", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1623", "showSubtechniques": true}, {"techniqueID": "T1623.001", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1645", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1533", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1407", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary\u2019s inbox.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1639", "showSubtechniques": true}, {"techniqueID": "T1639.001", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1628", "showSubtechniques": true}, {"techniqueID": "T1628.001", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1628.002", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device\u2019s sensors to determine when the device is in use and subsequently hide malicious activity. When active, it attempts to hide its malicious activity by turning the screen\u2019s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1417", "showSubtechniques": true}, {"techniqueID": "T1417.001", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1430", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device\u2019s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1644", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1513", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1582", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1409", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1512", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device\u2019s camera.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1481", "showSubtechniques": true}, {"techniqueID": "T1481.002", "comment": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by BusyGasper", "color": "#66b1ff"}]}