S0327 Skygofree
Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. 1
| Item | Value |
|---|---|
| ID | S0327 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 17 October 2018 |
| Last Modified | 15 October 2019 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1409 | Access Stored Application Data | Skygofree has a capability to obtain files from other installed applications.1 |
| mobile | T1438 | Alternate Network Mediums | Skygofree can be controlled via binary SMS.1 |
| mobile | T1429 | Capture Audio | Skygofree can record audio via the microphone when an infected device is in a specified location.1 |
| mobile | T1512 | Capture Camera | Skygofree can record video or capture photos when an infected device is in a specified location.1 |
| mobile | T1407 | Download New Code at Runtime | Skygofree can download executable code from the C2 server after the implant starts or after a specific command.1 |
| mobile | T1404 | Exploit OS Vulnerability | Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.1 |
| mobile | T1430 | Location Tracking | Skygofree can track the device’s location.1 |
| mobile | T1437 | Standard Application Layer Protocol | Skygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.1 |