Skip to content

S0079 MobileOrder

MobileOrder is a Trojan intended to compromise Android mobile devices. It has been used by Scarlet Mimic. 1

Item Value
ID S0079
Type MALWARE
Version 1.0
Created 31 May 2017
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1217 Browser Information Discovery MobileOrder has a command to upload to its C2 server victim browser bookmarks.1
enterprise T1005 Data from Local System MobileOrder exfiltrates data collected from the victim mobile device.1
enterprise T1041 Exfiltration Over C2 Channel MobileOrder exfiltrates data to its C2 server over the same protocol as C2 communications.1
enterprise T1083 File and Directory Discovery MobileOrder has a command to upload to its C2 server information about files on the victim mobile device, including SD card size, installed app list, SMS content, contacts, and calling history.1
enterprise T1105 Ingress Tool Transfer MobileOrder has a command to download a file from the C2 server to the victim mobile device’s SD card.1
enterprise T1057 Process Discovery MobileOrder has a command to upload information about all running processes to its C2 server.1
enterprise T1082 System Information Discovery MobileOrder has a command to upload to its C2 server victim mobile device information, including IMEI, IMSI, SIM card serial number, phone number, Android version, and other information.1

Groups That Use This Software

ID Name References
G0029 Scarlet Mimic 1

References

  1. Falcone, R. and Miller-Osborn, J.. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.