| mobile |
T1433 |
Access Call Log |
GoldenEagle has collected call logs. |
| mobile |
T1432 |
Access Contact List |
GoldenEagle has collected a list of contacts. |
| mobile |
T1409 |
Access Stored Application Data |
GoldenEagle has extracted messages from chat programs, such as WeChat. |
| mobile |
T1418 |
Application Discovery |
GoldenEagle has collected a list of installed application names. |
| mobile |
T1429 |
Capture Audio |
GoldenEagle has recorded calls and environment audio in .amr format. |
| mobile |
T1512 |
Capture Camera |
GoldenEagle has taken photos with the device camera. |
| mobile |
T1412 |
Capture SMS Messages |
GoldenEagle has collected SMS messages. |
| mobile |
T1533 |
Data from Local System |
GoldenEagle has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage. |
| mobile |
T1407 |
Download New Code at Runtime |
GoldenEagle can download new code to update itself. |
| mobile |
T1420 |
File and Directory Discovery |
GoldenEagle has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage. |
| mobile |
T1478 |
Install Insecure or Malicious Configuration |
GoldenEagle has modified or configured proxy information. |
| mobile |
T1430 |
Location Tracking |
GoldenEagle has tracked location. |
| mobile |
T1444 |
Masquerade as Legitimate Application |
GoldenEagle has inserted trojan functionality into legitimate apps, including popular apps within the Uyghur community, VPNs, instant messaging apps, social networking, games, adult media, and Google searching. |
| mobile |
T1513 |
Screen Capture |
GoldenEagle has taken screenshots. |
| mobile |
T1582 |
SMS Control |
GoldenEagle has sent messages to an attacker-controlled number. |
| mobile |
T1437 |
Standard Application Layer Protocol |
GoldenEagle has exfiltrated data via both SMTP and HTTP and used HTTP POST requests for C2. |
| mobile |
T1426 |
System Information Discovery |
GoldenEagle has checked for system root. |