Skip to content

S0301 Dendroid

Dendroid is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.1

Item Value
ID S0301
Associated Names
Type MALWARE
Version 2.0
Created 25 October 2017
Last Modified 24 October 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1429 Audio Capture Dendroid can record audio and outgoing calls.1
mobile T1533 Data from Local System Dendroid can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.1
mobile T1417 Input Capture -
mobile T1417.002 GUI Input Capture Dendroid can open a dialog box to ask the user for passwords.1
mobile T1636 Protected User Data -
mobile T1636.004 SMS Messages Dendroid can intercept SMS messages.1
mobile T1582 SMS Control Dendroid can send and block SMS messages.1
mobile T1512 Video Capture Dendroid can take photos and record videos.1
mobile T1633 Virtualization/Sandbox Evasion -
mobile T1633.001 System Checks Dendroid can detect if it is being ran on an emulator.1

References