cti-ATT-CK-v13.1/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json

{
    "type": "bundle",
    "id": "bundle--5f03db16-72e5-4167-a3e1-ac0ee7d3ba2a",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2022-10-24T15:09:07.609Z",
            "name": "Gooligan",
            "description": "[Gooligan](https://attack.mitre.org/software/S0290) is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. [Gooligan](https://attack.mitre.org/software/S0290) has been described as part of the Ghost Push Android malware family. (Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)",
            "labels": [
                "malware"
            ],
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_platforms": [
                "Android"
            ],
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "x_mitre_version": "1.2",
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_aliases": [
                "Gooligan",
                "Ghost Push"
            ],
            "type": "malware",
            "id": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
            "created": "2017-10-25T14:48:43.242Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/software/S0290",
                    "external_id": "S0290"
                },
                {
                    "source_name": "Gooligan",
                    "description": "(Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)"
                },
                {
                    "source_name": "Ghost Push",
                    "description": "Gooligan has been described as being part of the Ghost Push Android malware family. (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)"
                },
                {
                    "source_name": "Gooligan Citation",
                    "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
                    "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
                },
                {
                    "source_name": "Ludwig-GhostPush",
                    "description": "Adrian Ludwig. (2016, November 29). The fight against Ghost Push continues. Retrieved December 12, 2016.",
                    "url": "https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi"
                },
                {
                    "source_name": "Lookout-Gooligan",
                    "description": "Lookout. (2016, December 1). Ghost Push and Gooligan: One and the same. Retrieved December 12, 2016.",
                    "url": "https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ]
        }
    ]
}