S0301 Dendroid
Dendroid is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.1
| Item | Value |
|---|---|
| ID | S0301 |
| Associated Names | |
| Type | MALWARE |
| Version | 2.0 |
| Created | 25 October 2017 |
| Last Modified | 29 September 2020 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1429 | Capture Audio | Dendroid can record audio and outgoing calls.1 |
| mobile | T1512 | Capture Camera | Dendroid can take photos and record videos.1 |
| mobile | T1412 | Capture SMS Messages | Dendroid can intercept SMS messages.1 |
| mobile | T1533 | Data from Local System | Dendroid can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.1 |
| mobile | T1475 | Deliver Malicious App via Authorized App Store | Dendroid has been distributed via the Google Play Store.1 |
| mobile | T1523 | Evade Analysis Environment | Dendroid can detect if it is being ran on an emulator.1 |
| mobile | T1411 | Input Prompt | Dendroid can open a dialog box to ask the user for passwords.1 |
| mobile | T1444 | Masquerade as Legitimate Application | Dendroid can be bound to legitimate applications prior to installation on devices.1 |
| mobile | T1582 | SMS Control | Dendroid can send and block SMS messages.1 |