
Pegasus for iOS, Software S0289 | MITRE ATT&CK®

Pegasus for iOS

Pegasus for iOS is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims. [1] [2] The Android version is tracked separately under Pegasus for Android.

ID: S0289
Type: MALWARE
Platforms: iOS
Version: 1.1
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1429 | Audio Capture | Pegasus for iOS has the ability to record audio.[1] |
| Mobile | T1645 | Compromise Client Software Binary | Pegasus for iOS modifies the system partition to maintain persistence.[1] |
| Mobile | T1456 | Drive-By Compromise | Pegasus for iOS was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.[1] |
| Mobile | T1658 | Exploitation for Client Execution | Pegasus for iOS can compromise iPhones running iOS 16.6 without any user interaction. |
| Mobile | T1404 | Exploitation for Privilege Escalation | Pegasus for iOS exploits iOS vulnerabilities to escalate privileges.[1] |
| Mobile | T1430 | Location Tracking | Pegasus for iOS updates and sends the location of the phone.[1] |
| Mobile | T1644 | Out of Band Data | Pegasus for iOS uses SMS for command and control.[1] |
| Mobile | T1636.002 | Protected User Data: Call Log | Pegasus for iOS captures call logs.[1] |
| Mobile | T1636.003 | Protected User Data: Contact List | Pegasus for iOS gathers contacts from the system by dumping the victim's address book.[1] |
| Mobile | T1636.004 | Protected User Data: SMS Messages | Pegasus for iOS captures SMS messages that the victim sends or receives.[1] |
| Mobile | T1409 | Stored Application Data | Pegasus for iOS accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.[1] |
| Mobile | T1426 | System Information Discovery | Pegasus for iOS monitors the victim for status and disables other access to the phone by other jailbreaking software.[1] |
| Mobile | T1421 | System Network Connections Discovery | Pegasus for iOS monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.[1] |

References

1. Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.
2. Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.

© 2015-2023, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. ATT&CK v14.1