FlixOnline - S1103 (0ec9593f-3221-49b1-b597-37f307c19f13)

FlixOnline is an Android malware, first detected in early 2021, believed to target users of WhatsApp. FlixOnline primarily spreads via automatic replies to a device’s incoming WhatsApp messages.(Citation: checkpoint_flixonline_0421)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160)	Attack Pattern	FlixOnline - S1103 (0ec9593f-3221-49b1-b597-37f307c19f13)	Malware	1
Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467)	Attack Pattern	FlixOnline - S1103 (0ec9593f-3221-49b1-b597-37f307c19f13)	Malware	1
FlixOnline - S1103 (0ec9593f-3221-49b1-b597-37f307c19f13)	Malware	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	1
FlixOnline - S1103 (0ec9593f-3221-49b1-b597-37f307c19f13)	Malware	Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	1
Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2)	Attack Pattern	FlixOnline - S1103 (0ec9593f-3221-49b1-b597-37f307c19f13)	Malware	1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	FlixOnline - S1103 (0ec9593f-3221-49b1-b597-37f307c19f13)	Malware	1
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	2
Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14)	Attack Pattern	Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2