Skip to content

S0302 Twitoor

Twitoor is a dropper application capable of receiving commands from social media.1

Item Value
ID S0302
Associated Names
Type MALWARE
Version 2.0
Created 25 October 2017
Last Modified 24 October 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1521 Encrypted Channel Twitoor encrypts its C2 communication.1
mobile T1628 Hide Artifacts -
mobile T1628.001 Suppress Application Icon Twitoor can hide its presence on the system.1
mobile T1481 Web Service -
mobile T1481.003 One-Way Communication Twitoor can be controlled via Twitter.1

References

  1. ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.