S0304 Android/Chuli.A
Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment.[1]
| Item | Value |
|---|---|
| ID | S0304 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 25 October 2017 |
| Last Modified | 24 October 2022 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1437 | Application Layer Protocol | - |
| mobile | T1437.001 | Web Protocols | Android/Chuli.A used HTTP uploads to a URL as a command and control mechanism.[1] |
| mobile | T1430 | Location Tracking | Android/Chuli.A stole geo-location data.[1] |
| mobile | T1644 | Out of Band Data | Android/Chuli.A used SMS to receive command and control messages.[1] |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.002 | Call Log | Android/Chuli.A stole call logs.[1] |
| mobile | T1636.003 | Contact List | Android/Chuli.A stole contact list data stored both on the phone and the SIM card.[1] |
| mobile | T1636.004 | SMS Messages | Android/Chuli.A stole SMS message content.[1] |
| mobile | T1426 | System Information Discovery | Android/Chuli.A gathered system information including phone number, OS version, phone model, and SDK version.[1] |