Skip to content

Hide Navigation Hide TOC

AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93)

AndroRAT is an open-source remote access tool for Android devices. AndroRAT is capable of collecting data, such as device location, call logs, etc., and is capable of executing actions, such as sending SMS messages and taking pictures.(Citation: Lookout-EnterpriseApps)(Citation: github_androrat)(Citation: Forcepoint BITTER Pakistan Oct 2016) It is originally available through the The404Hacking Github repository.(Citation: github_androrat)

Cluster A Galaxy A Cluster B Galaxy B Level
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 1
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 1
AndroRAT (80447111-8085-40a4-a052-420926091ac6) Malpedia AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern 2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2