S0301 Dendroid
Dendroid is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.1
| Item | Value |
|---|---|
| ID | S0301 |
| Associated Names | |
| Type | MALWARE |
| Version | 2.0 |
| Created | 25 October 2017 |
| Last Modified | 24 October 2022 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1429 | Audio Capture | Dendroid can record audio and outgoing calls.1 |
| mobile | T1533 | Data from Local System | Dendroid can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.1 |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | Dendroid can open a dialog box to ask the user for passwords.1 |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.004 | SMS Messages | Dendroid can intercept SMS messages.1 |
| mobile | T1582 | SMS Control | Dendroid can send and block SMS messages.1 |
| mobile | T1512 | Video Capture | Dendroid can take photos and record videos.1 |
| mobile | T1633 | Virtualization/Sandbox Evasion | - |
| mobile | T1633.001 | System Checks | Dendroid can detect if it is being ran on an emulator.1 |