HilalRAT - S1128 (55714f87-6178-4b89-b3e5-d3a643f647ca)

HilalRAT is a remote access-capable Android malware, developed and used by UNC788.(Citation: Meta Adversarial Threat Report 2022) HilalRAT is capable of collecting data, such as device location, call logs, etc., and is capable of executing actions, such as activating a device's camera and microphone.(Citation: Meta Adversarial Threat Report 2022)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | HilalRAT - S1128 (55714f87-6178-4b89-b3e5-d3a643f647ca) | Malware | 1 |
| HilalRAT - S1128 (55714f87-6178-4b89-b3e5-d3a643f647ca) | Malware | Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | 1 |
| HilalRAT - S1128 (55714f87-6178-4b89-b3e5-d3a643f647ca) | Malware | Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | 1 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | HilalRAT - S1128 (55714f87-6178-4b89-b3e5-d3a643f647ca) | Malware | 1 |
| HilalRAT - S1128 (55714f87-6178-4b89-b3e5-d3a643f647ca) | Malware | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | HilalRAT - S1128 (55714f87-6178-4b89-b3e5-d3a643f647ca) | Malware | 1 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |