Skip to content

Hide Navigation Hide TOC

AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93)

AndroRAT is an open-source remote access tool for Android devices. AndroRAT is capable of collecting data, such as device location, call logs, etc., and is capable of executing actions, such as sending SMS messages and taking pictures.(Citation: Lookout-EnterpriseApps)(Citation: github_androrat)(Citation: Forcepoint BITTER Pakistan Oct 2016) It is originally available through the The404Hacking Github repository.(Citation: github_androrat)

Cluster A Galaxy A Cluster B Galaxy B Level
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern 1
AndroRAT (80447111-8085-40a4-a052-420926091ac6) Malpedia AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 1
AndroRAT - S0292 (a3dad2be-ce62-4440-953b-00fbce7aba93) Malware Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern 1
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2