HilalRAT

HilalRAT is a remote access-capable Android malware, developed and used by UNC788.[1] HilalRAT is capable of collecting data, such as device location, call logs, etc., and is capable of executing actions, such as activating a device's camera and microphone.[1]

ID: S1128
Type: MALWARE
Platforms: Android
Contributors: Denise Tan
Version: 1.0
Created: 02 April 2024
Last Modified: 10 April 2024

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1429 | Audio Capture | HilalRAT can activate a device’s microphone.[1] |
| Mobile | T1430 | Location Tracking | HilalRAT can access a device’s location.[1] |
| Mobile | T1636.003 | Protected User Data: Contact List | HilalRAT can retrieve a device’s contact list.[1] |
| Mobile | T1636.004 | Protected User Data: SMS Messages | HilalRAT can retrieve a device’s SMS messages.[1] |
| Mobile | T1409 | Stored Application Data | HilalRAT can access and retrieve files on a device.[1] |
| Mobile | T1512 | Video Capture | HilalRAT can activate a device’s camera.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G1029 | UNC788 | [1] |

References