HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)

HenBox is Android malware that attempts to only execute on Xiaomi devices running the MIUI operating system. HenBox has primarily been used to target Uyghurs, a minority Turkic ethnic group.(Citation: Palo Alto HenBox)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Native API - T1575 (52eff1c7-dd30-4121-b762-24ae6fa61bbb)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	1
HenBox - S0544 (aef537ba-10c2-40ed-a57a-80b8508aada4)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	2
Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14)	Attack Pattern	2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	2