Skip to content

Hide Navigation Hide TOC

SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec)

SilkBean is a piece of Android surveillanceware containing comprehensive remote access tool (RAT) functionality that has been used in targeting of the Uyghur ethnic group.(Citation: Lookout Uyghur Campaign)

Cluster A Galaxy A Cluster B Galaxy B Level
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) Attack Pattern 1
Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 1
SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 1
SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware File and Directory Discovery - T1420 (cf28ca46-1fd3-46b4-b1f6-ec0b72361848) Attack Pattern 1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern 1
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware 1
SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
SilkBean - S0549 (ddbe5657-e21e-4a89-8221-2f1362d397ec) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 1
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) Attack Pattern Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) Attack Pattern 2
Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern 2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2