Trusted Design

BusyGasper – the unfriendly spy

概要

In early 2018 our mobile intruder-detection technology was triggered by a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat. From a technical point of view, the sample is a unique spy implant with stand-out features such as device sensors listeners, including motion detectors that have been implemented with a degree of originality. It has an incredibly wide-ranging protocol – about 100 commands – and an ability to bypass the Doze battery saver. As a modern Android spyware it is also capable of exfiltrating data from messaging applications (WhatsApp, Viber, Facebook). Moreover, BusyGasper boasts some keylogging tools – the malware processes every user tap, gathering its coordinates and calculating characters by matching given values with hardcoded ones.

Created: 2026-02-23

Indicators

類似Pulses

Ratcheting Down on JSocket: A PC and Android Threat (score: 0.66)
Skygofree: Following in the footsteps of HackingTeam (score: 0.64)
Triout Android Spyware Framework Makes a Comeback, Abusing App with 50 Million Downloads (score: 0.60)
New Android "Ghost Push" Variants (score: 0.60)
HummingBad: A Persistent Mobile Chain Attack (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 17.81

Matched TTPs:

T1053.007 - Container Orchestration Job
T1003.007 - Proc Filesystem
T1588.001 - Malware
T1583.006 - Web Services
T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

Mustang Panda

Score: 22.07

Matched TTPs:

T1053.007 - Container Orchestration Job
T1058 - Service Registry Permissions Weakness
T1583.006 - Web Services
T1169 - Sudo
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

BRONZE BUTLER

Score: 10.52

Matched TTPs:

T1003.007 - Proc Filesystem
T1685.005 - Clear Windows Event Logs
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

TeamTNT

Score: 8.84

Matched TTPs:

T1003.007 - Proc Filesystem
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

Indrik Spider

Score: 3.30

Matched TTPs:

T1003.007 - Proc Filesystem
T1547.013 - XDG Autostart Entries

MITREへのリンク →

OilRig

Score: 16.04

Matched TTPs:

T1003.007 - Proc Filesystem
T1583.006 - Web Services
T1592.002 - Software
T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Turla

Score: 8.60

Matched TTPs:

T1003.007 - Proc Filesystem
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Aquatic Panda

Score: 5.40

Matched TTPs:

T1003.007 - Proc Filesystem
T1588.001 - Malware
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Poseidon Group

Score: 4.04

Matched TTPs:

T1003.007 - Proc Filesystem
T1583.006 - Web Services

MITREへのリンク →

Chimera

Score: 14.72

Matched TTPs:

T1003.007 - Proc Filesystem
T1491 - Defacement
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

Ke3chang

Score: 9.44

Matched TTPs:

T1003.007 - Proc Filesystem
T1685.005 - Clear Windows Event Logs
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Earth Lusca

Score: 4.04

Matched TTPs:

T1003.007 - Proc Filesystem
T1583.006 - Web Services

MITREへのリンク →

Volt Typhoon

Score: 13.53

Matched TTPs:

T1003.007 - Proc Filesystem
T1491 - Defacement
T1583.006 - Web Services
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

APT1

Score: 4.04

Matched TTPs:

T1003.007 - Proc Filesystem
T1583.006 - Web Services

MITREへのリンク →

Gamaredon Group

Score: 11.05

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1583.006 - Web Services
T1061 - Graphical User Interface
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LuminousMoth

Score: 5.00

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Aoqin Dragon

Score: 3.03

Matched TTPs:

T1058 - Service Registry Permissions Weakness

MITREへのリンク →

Darkhotel

Score: 7.92

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1583.006 - Web Services
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

FIN7

Score: 18.40

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1011.001 - Exfiltration Over Bluetooth
T1098.004 - SSH Authorized Keys
T1588.001 - Malware
T1583.006 - Web Services
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

APT28

Score: 15.19

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1055.008 - Ptrace System Calls
T1564.004 - NTFS File Attributes

MITREへのリンク →

Tropic Trooper

Score: 12.10

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1583.006 - Web Services
T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

Medusa Group

Score: 10.36

Matched TTPs:

T1218.003 - CMSTP
T1583.006 - Web Services
T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Threat Group-3390

Score: 6.10

Matched TTPs:

T1218.003 - CMSTP
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Fox Kitten

Score: 10.00

Matched TTPs:

T1491 - Defacement
T1588.001 - Malware
T1547.013 - XDG Autostart Entries
T1588.005 - Exploits

MITREへのリンク →

APT38

Score: 6.77

Matched TTPs:

T1491 - Defacement
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Scattered Spider

Score: 7.91

Matched TTPs:

T1491 - Defacement
T1547.013 - XDG Autostart Entries
T1588.005 - Exploits

MITREへのリンク →

Moonstone Sleet

Score: 5.25

Matched TTPs:

T1491 - Defacement
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Ember Bear

Score: 3.84

Matched TTPs:

T1098.004 - SSH Authorized Keys

MITREへのリンク →

Silence

Score: 4.62

Matched TTPs:

T1098.004 - SSH Authorized Keys
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Ferocious Kitten

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

BlackTech

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

Scarlet Mimic

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

FIN13

Score: 4.06

Matched TTPs:

T1588.001 - Malware
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT32

Score: 9.55

Matched TTPs:

T1588.001 - Malware
T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Winter Vivern

Score: 4.06

Matched TTPs:

T1588.001 - Malware
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Wizard Spider

Score: 6.81

Matched TTPs:

T1588.001 - Malware
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

BITTER

Score: 4.06

Matched TTPs:

T1588.001 - Malware
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN6

Score: 7.59

Matched TTPs:

T1588.001 - Malware
T1128 - Netsh Helper DLL
T1556 - Modify Authentication Process

MITREへのリンク →

UNC3886

Score: 6.21

Matched TTPs:

T1588.001 - Malware
T1583.006 - Web Services
T1578.001 - Create Snapshot

MITREへのリンク →

ZIRCONIUM

Score: 5.46

Matched TTPs:

T1588.001 - Malware
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Magic Hound

Score: 5.58

Matched TTPs:

T1588.001 - Malware
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Higaisa

Score: 10.23

Matched TTPs:

T1588.001 - Malware
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

Lazarus Group

Score: 17.88

Matched TTPs:

T1588.001 - Malware
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot
T1556 - Modify Authentication Process

MITREへのリンク →

Storm-0501

Score: 6.36

Matched TTPs:

T1588.001 - Malware
T1583.006 - Web Services
T1027.014 - Polymorphic Code

MITREへのリンク →

APT41

Score: 8.19

Matched TTPs:

T1588.001 - Malware
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1037.001 - Logon Script (Windows)

MITREへのリンク →

Windshift

Score: 3.48

Matched TTPs:

T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Sidewinder

Score: 6.07

Matched TTPs:

T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Deep Panda

Score: 4.26

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code

MITREへのリンク →

HAFNIUM

Score: 7.61

Matched TTPs:

T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1055.008 - Ptrace System Calls

MITREへのリンク →

ToddyCat

Score: 4.35

Matched TTPs:

T1583.006 - Web Services
T1665 - Hide Infrastructure

MITREへのリンク →

MuddyWater

Score: 3.48

Matched TTPs:

T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Rocke

Score: 3.48

Matched TTPs:

T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT37

Score: 3.48

Matched TTPs:

T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Inception

Score: 5.45

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption

MITREへのリンク →

TA551

Score: 4.71

Matched TTPs:

T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cobalt Group

Score: 7.46

Matched TTPs:

T1027.014 - Polymorphic Code
T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Blue Mockingbird

Score: 7.28

Matched TTPs:

T1027.014 - Polymorphic Code
T1001.001 - Junk Data

MITREへのリンク →

Leviathan

Score: 3.52

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

WIRTE

Score: 4.71

Matched TTPs:

T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT19

Score: 3.93

Matched TTPs:

T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption

MITREへのリンク →

TA2541

Score: 3.52

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries

MITREへのリンク →

RedCurl

Score: 3.93

Matched TTPs:

T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption

MITREへのリンク →

RedEcho

Score: 3.93

Matched TTPs:

T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption

MITREへのリンク →

APT42

Score: 3.93

Matched TTPs:

T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption

MITREへのリンク →

FIN8

Score: 7.46

Matched TTPs:

T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

APT29

Score: 5.31

Matched TTPs:

T1546.018 - Python Startup Hooks
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Confucius

Score: 4.80

Matched TTPs:

T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

APT33

Score: 4.71

Matched TTPs:

T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Equation

Score: 8.26

Matched TTPs:

T1130 - Install Root Certificate
T1037.001 - Logon Script (Windows)

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Patchwork

Score: 3.61

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1160 - Launch Daemon

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1588.005 - Exploits

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Mustang Panda

Score: 0.77

Matched TTPs:

T1583.006 - Web Services
T1053.007 - Container Orchestration Job
T1055.005 - Thread Local Storage
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1058 - Service Registry Permissions Weakness
T1169 - Sudo
T1556 - Modify Authentication Process

MITREへのリンク →

FIN7

Score: 0.70

Matched TTPs:

T1583.006 - Web Services
T1578.001 - Create Snapshot
T1547.013 - XDG Autostart Entries
T1058 - Service Registry Permissions Weakness
T1011.001 - Exfiltration Over Bluetooth
T1588.001 - Malware
T1098.004 - SSH Authorized Keys

MITREへのリンク →

Lazarus Group

Score: 0.66

Matched TTPs:

T1583.006 - Web Services
T1055.005 - Thread Local Storage
T1556.005 - Reversible Encryption
T1578.001 - Create Snapshot
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process
T1588.001 - Malware
T1665 - Hide Infrastructure

MITREへのリンク →

Kimsuky

Score: 0.65

Matched TTPs:

T1583.006 - Web Services
T1053.007 - Container Orchestration Job
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1003.007 - Proc Filesystem
T1027.014 - Polymorphic Code
T1588.001 - Malware
T1665 - Hide Infrastructure

MITREへのリンク →

OilRig

Score: 0.58

Matched TTPs:

T1592.002 - Software
T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1003.007 - Proc Filesystem
T1556 - Modify Authentication Process
T1128 - Netsh Helper DLL

MITREへのリンク →

APT28

Score: 0.57

Matched TTPs:

T1583.006 - Web Services
T1556.005 - Reversible Encryption
T1564.004 - NTFS File Attributes
T1547.013 - XDG Autostart Entries
T1055.008 - Ptrace System Calls
T1058 - Service Registry Permissions Weakness

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る