S0302 Twitoor
Twitoor is a dropper application capable of receiving commands from social media.1
| Item | Value |
|---|---|
| ID | S0302 |
| Associated Names | |
| Type | MALWARE |
| Version | 2.0 |
| Created | 25 October 2017 |
| Last Modified | 30 September 2020 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1476 | Deliver Malicious App via Other Means | Twitoor can install attacker-specified applications.1 |
| mobile | T1521 | Standard Cryptographic Protocol | Twitoor encrypts its C2 communication.1 |
| mobile | T1508 | Suppress Application Icon | Twitoor can hide its presence on the system.1 |
| mobile | T1481 | Web Service | Twitoor can be controlled via Twitter.1 |