Currently viewing ATT&CK v7.2 which was live between July 8, 2020 and October 26, 2020.

Concipit1248

Concipit1248 is iOS spyware that was discovered using the same name as the developer of the Android spyware Corona Updates. Further investigation revealed that the two pieces of software contained the same C2 URL and similar functionality.[1]

ID: S0426
Associated Software: Corona Updates
Type: MALWARE
Platforms: iOS
Version: 1.0
Created: 24 April 2020
Last Modified: 30 April 2020

Associated Software Descriptions

| Name | Description |
|---|---|
| Corona Updates | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1512 | Capture Camera | Concipit1248 requests permissions to use the device camera.[1] |
| Mobile | T1533 | Data from Local System | Concipit1248 can collect device photos.[1] |
| Mobile | T1475 | Deliver Malicious App via Authorized App Store | Concipit1248 has been distributed through the App Store.[1] |
| Mobile | T1437 | Standard Application Layer Protocol | Concipit1248 communicates with the C2 server using HTTP requests.[1] |

References