S0506 ViperRAT
ViperRAT is sophisticated surveillanceware that has been in operation since at least 2015 and was used to target the Israeli Defense Force.
| Item |
Value |
| ID |
S0506 |
| Associated Names |
|
| Type |
MALWARE |
| Version |
1.0 |
| Created |
11 September 2020 |
| Last Modified |
29 September 2020 |
| Navigation Layer |
View In ATT&CK® Navigator |
Techniques Used
| Domain |
ID |
Name |
Use |
| mobile |
T1429 |
Audio Capture |
ViperRAT can collect and record audio content. |
| mobile |
T1533 |
Data from Local System |
ViperRAT can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks. |
| mobile |
T1407 |
Download New Code at Runtime |
ViperRAT has been installed in two stages and can secretly install new applications. |
| mobile |
T1430 |
Location Tracking |
ViperRAT can track the device’s location. |
| mobile |
T1636 |
Protected User Data |
- |
| mobile |
T1636.002 |
Call Log |
ViperRAT can collect the device’s call log. |
| mobile |
T1636.003 |
Contact List |
ViperRAT can collect the device’s contact list. |
| mobile |
T1636.004 |
SMS Messages |
ViperRAT can collect SMS messages. |
| mobile |
T1426 |
System Information Discovery |
ViperRAT can collect system information, including brand, manufacturer, and serial number. |
| mobile |
T1422 |
System Network Configuration Discovery |
ViperRAT can collect network configuration data from the device, including phone number, SIM operator, and network operator. |
| mobile |
T1421 |
System Network Connections Discovery |
ViperRAT can collect the device’s cell tower information. |
| mobile |
T1512 |
Video Capture |
ViperRAT can take photos with the device camera. |
References