DEFENSOR ID - S0479 (5a5dca4c-03c1-4b99-bfcf-c206e20aa663)

DEFENSOR ID is a banking trojan capable of clearing a victim’s bank account or cryptocurrency wallet and taking over email or social media accounts. DEFENSOR ID performs the majority of its malicious functionality by abusing Android’s accessibility service.(Citation: ESET DEFENSOR ID)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
DEFENSOR ID - S0479 (5a5dca4c-03c1-4b99-bfcf-c206e20aa663)	Malware	Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	1
DEFENSOR ID - S0479 (5a5dca4c-03c1-4b99-bfcf-c206e20aa663)	Malware	Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62)	Attack Pattern	1
DEFENSOR ID - S0479 (5a5dca4c-03c1-4b99-bfcf-c206e20aa663)	Malware	Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e)	Attack Pattern	1
DEFENSOR ID - S0479 (5a5dca4c-03c1-4b99-bfcf-c206e20aa663)	Malware	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	1
DEFENSOR ID - S0479 (5a5dca4c-03c1-4b99-bfcf-c206e20aa663)	Malware	Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	1
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	2
Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14)	Attack Pattern	2