ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool BADSIGNAL

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: BADSIGNAL

NamesBADSIGNAL
CategoryMalware
TypeBackdoor
Description(Volexity) In contrast to BadBazaar and BADSOLAR, BADSIGNAL does not download a second-stage payload. Instead, all capabilities are included in the main APK. The malicious code is loaded by extending the legitimate PassPhraseRequiredActivity class in org.thoughtcrime.securesms.MainActivity. BADSIGNAL uses a REST API on port 4432 as part of its C2 communication.
Information<https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/>

Last change to this tool card: 12 October 2023

Download this tool card in JSON format

All groups using tool BADSIGNAL

ChangedNameCountryObserved

APT groups

 Poison Carp, Evil EyeChina2018-Jun 2023X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]