Skip to content

S0301 Dendroid

Dendroid is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.1

Item Value
ID S0301
Associated Names
Version 2.0
Created 25 October 2017
Last Modified 29 September 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1429 Capture Audio Dendroid can record audio and outgoing calls.1
mobile T1512 Capture Camera Dendroid can take photos and record videos.1
mobile T1412 Capture SMS Messages Dendroid can intercept SMS messages.1
mobile T1533 Data from Local System Dendroid can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.1
mobile T1475 Deliver Malicious App via Authorized App Store Dendroid has been distributed via the Google Play Store.1
mobile T1523 Evade Analysis Environment Dendroid can detect if it is being ran on an emulator.1
mobile T1411 Input Prompt Dendroid can open a dialog box to ask the user for passwords.1
mobile T1444 Masquerade as Legitimate Application Dendroid can be bound to legitimate applications prior to installation on devices.1
mobile T1582 SMS Control Dendroid can send and block SMS messages.1


Back to top