BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)

BRATA (Brazilian Remote Access Tool, Android), is an evolving Android malware strain, detected in late 2018 and again in late 2021. Originating in Brazil, BRATA was later also found in the UK, Poland, Italy, Spain, and USA, where it is believed to have targeted financial institutions such as banks. There are currently three known variants of BRATA.(Citation: securelist_brata_0819)(Citation: cleafy_brata_0122)(Citation: mcafee_brata_0421)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e)	Attack Pattern	1
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Data Destruction - T1662 (9ef14445-6f35-4ed0-a042-5024f13a9242)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	1
Remote Access Software - T1663 (0b761f2b-197a-40f2-b100-8152cb957c0c)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	1
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	1
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	1
Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	1
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286)	Attack Pattern	2
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	2
Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	Data Manipulation - T1641 (c548d8c4-a0a3-4a24-bb79-2a84abbc7b36)	Attack Pattern	2
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	2
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	2