
Cerberus Unchained: A Multi-Stage Trojan Banking Campaign
The Cerberus Android banking trojan is malware designed to steal sensitive information, such as banking credentials and credit card details, by disguising itself as a legitimate app. It uses techniques such as overlay attacks, in which it tricks users into entering data into fake screens that appear over trusted apps. Since its discovery in 2019, Cerberus has gained capabilities such as advanced keylogging and remote control, and is distributed through Google Play Store apps, making it a persistent threat to Android users.
Indicators of Compromise
Hashes (37)
Notes
<span id="docs-internal-guid-f8521b2c-7fff-9e75-aa00-32c0490e61cd"><p><b>CONCLUSION</b></p>
<p>The Cerberus campaign represents a significant threat to mobile security, specifically targeting Android users through sophisticated techniques like phishing, keylogging, and masquerading as legitimate apps. By exploiting device permissions, Cerberus collects sensitive data such as banking credentials, SMS messages, and contact lists, and even utilizes remote control features to further its malicious activities. The malware’s persistence is enhanced by its ability to evade detection, uninstall itself, and use encrypted communication channels with command-and-control servers. Given these advanced capabilities, strong remediation strategies, including phishing awareness, <a href="https://socradar.io/what-is-endpoint-security-management/">endpoint protection</a>, and application control, are critical to defending against this evolving threat.</p></span>
Mitigation
<span id="docs-internal-guid-2f987ebc-7fff-a032-1c49-5fcef9318a03"><p><b>MITRE ATT&CK® Techniques</b></p><div style="margin-left:0pt;" align="left"><table style="border:none;border-collapse:collapse;"><colgroup><col><col><col></colgroup><tbody>
<tr><td><p><b>Tactic</b></p></td><td><p><b>Technique ID</b></p></td><td><p><b>Procedure</b></p></td></tr>
<tr><td><p>Initial Access (<a href="https://attack.mitre.org/tactics/TA0027">TA0027</a>)</p></td><td><p>Phishing (<a href="https://attack.mitre.org/techniques/T1660/">T1660</a>)</p></td><td><p>Malware distributed via a phishing site</p></td></tr>
<tr><td><p>Execution (<a href="https://attack.mitre.org/tactics/TA0041">TA0041</a>)</p></td><td><p>Native API (<a href="https://attack.mitre.org/techniques/T1575/">T1575</a>)</p></td><td><p>Malware uses native code to drop the final payload</p></td></tr>
<tr><td><p>Defense Evasion (<a href="https://attack.mitre.org/tactics/TA0030/">TA0030</a>)</p></td><td><p>Masquerading: Match Legitimate Name or Location (<a href="https://attack.mitre.org/techniques/T1655/001/">T1655.001</a>)</p></td><td><p>Malware pretends to be the Google Play Update and Chrome applications</p></td></tr>
<tr><td><p>Defense Evasion (<a href="https://attack.mitre.org/tactics/TA0030/">TA0030</a>)</p></td><td><p>Application Discovery (<a href="https://attack.mitre.org/versions/v10/techniques/T1418/">T1418</a>)</p></td><td><p>Collects the list of installed application package names to identify targets</p></td></tr>
<tr><td><p>Defense Evasion (<a href="https://attack.mitre.org/tactics/TA0030/">TA0030</a>)</p></td><td><p>Indicator Removal on Host: Uninstall Malicious Application (<a href="https://attack.mitre.org/techniques/T1630/001/">T1630.001</a>)</p></td><td><p>Malware can uninstall itself</p></td></tr>
<tr><td><p>Defense Evasion (<a href="https://attack.mitre.org/tactics/TA0030/">TA0030</a>)</p></td><td><p>Input Injection (<a href="https://attack.mitre.org/techniques/T1516/">T1516</a>)</p></td><td><p>Malware can mimic user interaction, perform clicks and various gestures, and input data</p></td></tr>
<tr><td><p>Collection (<a href="https://attack.mitre.org/tactics/TA0035/">TA0035</a>)</p></td><td><p>Input Capture: Keylogging (<a href="https://attack.mitre.org/techniques/T1417/001/">T1417.001</a>)</p></td><td><p>Malware can capture keystrokes</p></td></tr>
<tr><td><p>Discovery (<a href="https://attack.mitre.org/tactics/TA0032">TA0032</a>)</p></td><td><p>Software Discovery (<a href="https://attack.mitre.org/techniques/T1418/">T1418</a>)</p></td><td><p>Malware collects the list of installed application packages</p></td></tr>
<tr><td><p>Discovery (<a href="https://attack.mitre.org/tactics/TA0032">TA0032</a>)</p></td><td><p>System Information Discovery (<a href="https://attack.mitre.org/techniques/T1426/">T1426</a>)</p></td><td><p>The malware collects basic device information.</p></td></tr>
<tr><td><p>Collection (<a href="https://attack.mitre.org/tactics/TA0035/">TA0035</a>)</p></td><td 
style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Screen Capture (</span><a href="https://attack.mitre.org/techniques/T1513/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1513</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware can record screen content</span></p></td></tr><tr style="height:26.25pt;"><td 
style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Collection (</span><a href="https://attack.mitre.org/tactics/TA0035/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TA0035</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Audio Capture (</span><a href="https://attack.mitre.org/techniques/T1429/"><span 
style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1429</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware captures audio recordings</span></p></td></tr><tr style="height:26.25pt;"><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Collection (</span><a href="https://attack.mitre.org/tactics/TA0035/"><span style="font-size: 10pt; 
font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TA0035</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Call Control (</span><a href="https://attack.mitre.org/techniques/T1616/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1616</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 
0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware can make calls</span></p></td></tr><tr style="height:39.75pt;"><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Collection (</span><a href="https://attack.mitre.org/tactics/TA0035/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TA0035</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid 
#000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Protected User Data: Contact List (</span><a href="https://attack.mitre.org/techniques/T1636/003/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1636.003</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware steals contacts</span></p></td></tr><tr style="height:52.5pt;"><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid 
#000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Collection (</span><a href="https://attack.mitre.org/tactics/TA0035/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TA0035</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Protected User Data: SMS Messages</span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); 
background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">(</span><a href="https://attack.mitre.org/techniques/T1636/004/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1636.004</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware steals SMS messages from the infected device</span></p></td></tr><tr style="height:39.75pt;"><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: 
rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Command and Control (</span><a href="https://attack.mitre.org/tactics/TA0037"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TA0037</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Dynamic Resolution: Domain Generation Algorithms (</span><a href="https://attack.mitre.org/techniques/T1637/001/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1637.001</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; 
color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware has implemented DGA</span></p></td></tr><tr style="height:39.75pt;"><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Command and Control (</span><a href="https://attack.mitre.org/tactics/TA0037"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TA0037</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); 
background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Encrypted Channel: Symmetric Cryptography (</span><a href="https://attack.mitre.org/techniques/T1521/001/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1521.001</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 
248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware uses RC4 for encrypting C&C communication</span></p></td></tr><tr style="height:39.75pt;"><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exfiltration (</span><a href="https://attack.mitre.org/tactics/TA0036/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">TA0036</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); 
font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Exfiltration Over C2 Channel (</span><a href="https://attack.mitre.org/techniques/T1646/"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1646</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 255); background-color: rgb(243, 245, 248); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">)</span></p></td><td style="border-left:solid #000000 0.8333325pt;border-right:solid #000000 0.8333325pt;border-bottom:solid #000000 0.8333325pt;border-top:solid #000000 0.8333325pt;vertical-align:top;padding:6pt 6pt 6pt 6pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:18pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: rgb(243, 245, 248); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Malware sends exfiltrated data to the C&C server</span></p></td></tr></tbody></table></div></span>