BusyGasper – the unfriendly spy
Overview
In early 2018 our mobile intruder-detection technology was triggered by a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat. From a technical point of view, the sample is a unique spy implant with stand-out features such as device sensor listeners, including motion detectors that have been implemented with a degree of originality. It has an incredibly wide-ranging protocol – about 100 commands – and an ability to bypass the Doze battery saver. As modern Android spyware, it is also capable of exfiltrating data from messaging applications (WhatsApp, Viber, Facebook). Moreover, BusyGasper boasts some keylogging tools – the malware processes every user tap, gathering its coordinates and calculating characters by matching given values with hardcoded ones.
Created: 2026-02-23
Threat actors related to this Pulse (fact-based)
Score: 17.81
Matched TTPs:
- T1036.007 - Double File Extension
- T1007 - System Service Discovery
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1218.010 - Regsvr32
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
Score: 22.07
Matched TTPs:
- T1036.007 - Double File Extension
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1678 - Delay Execution
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1027.007 - Dynamic API Resolution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 10.52
Matched TTPs:
- T1007 - System Service Discovery
- T1036.002 - Right-to-Left Override
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1124 - System Time Discovery
Score: 8.84
Matched TTPs:
- T1007 - System Service Discovery
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
Score: 3.30
Matched TTPs:
- T1007 - System Service Discovery
- T1105 - Ingress Tool Transfer
Score: 16.04
Matched TTPs:
- T1007 - System Service Discovery
- T1057 - Process Discovery
- T1137.004 - Outlook Home Page
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 8.60
Matched TTPs:
- T1007 - System Service Discovery
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1124 - System Time Discovery
Score: 5.40
Matched TTPs:
- T1007 - System Service Discovery
- T1036.004 - Masquerade Task or Service
- T1105 - Ingress Tool Transfer
Score: 4.04
Matched TTPs:
- T1007 - System Service Discovery
- T1057 - Process Discovery
Score: 14.72
Matched TTPs:
- T1007 - System Service Discovery
- T1217 - Browser Information Discovery
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
- T1124 - System Time Discovery
Score: 9.44
Matched TTPs:
- T1007 - System Service Discovery
- T1036.002 - Right-to-Left Override
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 4.04
Matched TTPs:
- T1007 - System Service Discovery
- T1057 - Process Discovery
Score: 13.53
Matched TTPs:
- T1007 - System Service Discovery
- T1217 - Browser Information Discovery
- T1057 - Process Discovery
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
- T1124 - System Time Discovery
Score: 4.04
Matched TTPs:
- T1007 - System Service Discovery
- T1057 - Process Discovery
Score: 11.05
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1001 - Data Obfuscation
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 5.00
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 3.03
Matched TTPs:
- T1091 - Replication Through Removable Media
Score: 7.92
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1105 - Ingress Tool Transfer
- T1124 - System Time Discovery
Score: 18.40
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1674 - Input Injection
- T1125 - Video Capture
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1105 - Ingress Tool Transfer
- T1124 - System Time Discovery
Score: 15.19
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1550.001 - Application Access Token
- T1001.001 - Junk Data
Score: 12.10
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
Score: 10.36
Matched TTPs:
- T1608.002 - Upload Tool
- T1057 - Process Discovery
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 6.10
Matched TTPs:
- T1608.002 - Upload Tool
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 10.00
Matched TTPs:
- T1217 - Browser Information Discovery
- T1036.004 - Masquerade Task or Service
- T1105 - Ingress Tool Transfer
- T1213.005 - Messaging Applications
Score: 6.77
Matched TTPs:
- T1217 - Browser Information Discovery
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 7.91
Matched TTPs:
- T1217 - Browser Information Discovery
- T1105 - Ingress Tool Transfer
- T1213.005 - Messaging Applications
Score: 5.25
Matched TTPs:
- T1217 - Browser Information Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 4.62
Matched TTPs:
- T1125 - Video Capture
- T1105 - Ingress Tool Transfer
Score: 3.44
Matched TTPs:
- T1036.002 - Right-to-Left Override
Score: 3.44
Matched TTPs:
- T1036.002 - Right-to-Left Override
Score: 3.44
Matched TTPs:
- T1036.002 - Right-to-Left Override
Score: 4.06
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 9.55
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1218.010 - Regsvr32
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 4.06
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 6.81
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 4.06
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 7.59
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1573.002 - Asymmetric Cryptography
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 6.21
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1124 - System Time Discovery
Score: 5.46
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1105 - Ingress Tool Transfer
- T1124 - System Time Discovery
Score: 5.58
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 10.23
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1680 - Local Storage Discovery
- T1124 - System Time Discovery
Score: 17.88
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1027.007 - Dynamic API Resolution
- T1680 - Local Storage Discovery
- T1124 - System Time Discovery
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 6.36
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1218.010 - Regsvr32
Score: 8.19
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1480.001 - Environmental Keying
Score: 3.48
Matched TTPs:
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 6.07
Matched TTPs:
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1124 - System Time Discovery
Score: 4.26
Matched TTPs:
- T1057 - Process Discovery
- T1218.010 - Regsvr32
Score: 7.61
Matched TTPs:
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1550.001 - Application Access Token
Score: 4.35
Matched TTPs:
- T1057 - Process Discovery
- T1680 - Local Storage Discovery
Score: 3.48
Matched TTPs:
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 3.48
Matched TTPs:
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 3.48
Matched TTPs:
- T1057 - Process Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 5.45
Matched TTPs:
- T1057 - Process Discovery
- T1218.010 - Regsvr32
- T1071.001 - Web Protocols
Score: 4.71
Matched TTPs:
- T1218.010 - Regsvr32
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 7.46
Matched TTPs:
- T1218.010 - Regsvr32
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 7.28
Matched TTPs:
- T1218.010 - Regsvr32
- T1574.012 - COR_PROFILER
Score: 3.52
Matched TTPs:
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
Score: 4.71
Matched TTPs:
- T1218.010 - Regsvr32
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 3.93
Matched TTPs:
- T1218.010 - Regsvr32
- T1071.001 - Web Protocols
Score: 3.52
Matched TTPs:
- T1573.002 - Asymmetric Cryptography
- T1105 - Ingress Tool Transfer
Score: 3.93
Matched TTPs:
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
Score: 3.93
Matched TTPs:
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
Score: 3.93
Matched TTPs:
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
Score: 7.46
Matched TTPs:
- T1573.002 - Asymmetric Cryptography
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 5.31
Matched TTPs:
- T1562.008 - Disable or Modify Cloud Logs
- T1105 - Ingress Tool Transfer
Score: 4.80
Matched TTPs:
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
Score: 4.71
Matched TTPs:
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 8.26
Matched TTPs:
- T1564.005 - Hidden File System
- T1480.001 - Environmental Keying
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
Score: 3.61
Matched TTPs:
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
Score: 4.54
Matched TTPs:
- T1001.002 - Steganography
Score: 3.84
Matched TTPs:
- T1213.005 - Messaging Applications
Threat actors related to this Pulse (inference-based)
Score: 0.77
Matched TTPs:
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1027.007 - Dynamic API Resolution
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1678 - Delay Execution
- T1036.007 - Double File Extension
Score: 0.70
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1125 - Video Capture
- T1674 - Input Injection
- T1105 - Ingress Tool Transfer
- T1124 - System Time Discovery
Score: 0.66
Matched TTPs:
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1027.007 - Dynamic API Resolution
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
- T1124 - System Time Discovery
Score: 0.65
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1057 - Process Discovery
- T1036.007 - Double File Extension
- T1007 - System Service Discovery
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
- T1218.010 - Regsvr32
Score: 0.58
Matched TTPs:
- T1573.002 - Asymmetric Cryptography
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1057 - Process Discovery
- T1007 - System Service Discovery
- T1137.004 - Outlook Home Page
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 0.57
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1550.001 - Application Access Token
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1001.001 - Junk Data
Related CVEs
No CVEs were found for this Pulse.