Skip to content

S0310 ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A is Android malware that is unique because it uses encrypted content within a blog site for command and control. 1

Item Value
ID S0310
Associated Names
Type MALWARE
Version 1.3
Created 25 October 2017
Last Modified 24 October 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1426 System Information Discovery ANDROIDOS_ANSERVER.A gathers the device OS version, device build version, manufacturer, and model.2
mobile T1422 System Network Configuration Discovery
ANDROIDOS_ANSERVER.A gathers the device IMEI and IMSI.2
mobile T1481 Web Service -
mobile T1481.001 Dead Drop Resolver ANDROIDOS_ANSERVER.A uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.1

References

  1. Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017. 

  2. Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.