SimBad - S0419 (f79c01eb-2954-40d8-a819-00b342f47ce7)

SimBad was a strain of adware on the Google Play Store, distributed through the RXDroider Software Development Kit. The name "SimBad" was derived from the fact that most of the infected applications were simulator games. The adware was controlled using an instance of the open source framework Parse Server.(Citation: CheckPoint SimBad 2019)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	SimBad - S0419 (f79c01eb-2954-40d8-a819-00b342f47ce7)	Malware	1
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	SimBad - S0419 (f79c01eb-2954-40d8-a819-00b342f47ce7)	Malware	1
SimBad - S0419 (f79c01eb-2954-40d8-a819-00b342f47ce7)	Malware	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	1
SimBad - S0419 (f79c01eb-2954-40d8-a819-00b342f47ce7)	Malware	Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467)	Attack Pattern	1
Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9)	Attack Pattern	Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14)	Attack Pattern	2
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	2