S1128 HilalRAT
HilalRAT is a remote access-capable Android malware, developed and used by UNC788.[1] HilalRAT is capable of collecting data, such as device location, call logs, etc., and is capable of executing actions, such as activating a device’s camera and microphone.[1]
| Item | Value |
|---|---|
| ID | S1128 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 02 April 2024 |
| Last Modified | 10 April 2024 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1429 | Audio Capture | HilalRAT can activate a device’s microphone.[1] |
| mobile | T1430 | Location Tracking | HilalRAT can access a device’s location.[1] |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.003 | Contact List | HilalRAT can retrieve a device’s contact list.[1] |
| mobile | T1636.004 | SMS Messages | HilalRAT can retrieve a device’s SMS messages.[1] |
| mobile | T1409 | Stored Application Data | HilalRAT can access and retrieve files on a device.[1] |
| mobile | T1512 | Video Capture | HilalRAT can activate a device’s camera.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G1029 | UNC788 | [1] |