MobileOrder
MobileOrder is a Trojan intended to compromise Android mobile devices. It has been used by Scarlet Mimic. [1]
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1005 | 从本地系统获取数据 |
MobileOrder exfiltrates data collected from the victim mobile device.[1] |
|
| Enterprise | T1083 | 文件和目录发现 |
MobileOrder has a command to upload to its C2 server information about files on the victim mobile device, including SD card size, installed app list, SMS content, contacts, and calling history.[1] |
|
| Enterprise | T1217 | 浏览器信息发现 |
MobileOrder has a command to upload to its C2 server victim browser bookmarks.[1] |
|
| Enterprise | T1082 | 系统信息发现 |
MobileOrder has a command to upload to its C2 server victim mobile device information, including IMEI, IMSI, SIM card serial number, phone number, Android version, and other information.[1] |
|
| Enterprise | T1105 | 输入工具传输 |
MobileOrder has a command to download a file from the C2 server to the victim mobile device's SD card.[1] |
|
| Enterprise | T1057 | 进程发现 |
MobileOrder has a command to upload information about all running processes to its C2 server.[1] |
|
| Enterprise | T1041 | 通过C2信道渗出 |
MobileOrder exfiltrates data to its C2 server over the same protocol as C2 communications.[1] |
|
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0029 | Scarlet Mimic |