Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment. [1]

Domain | ID | Name | Use
---|---|---|---
Mobile | T1437.001 | Application Layer Protocol: Web Protocols | Android/Chuli.A used HTTP uploads to a URL as a command and control mechanism.[1]
Mobile | T1430 | Location Tracking | Android/Chuli.A stole geo-location data.[1]
Mobile | T1644 | Out of Band Data | Android/Chuli.A used SMS to receive command and control messages.[1]
Mobile | T1636.002 | Protected User Data: Call Log | Android/Chuli.A stole call logs.[1]
Mobile | T1636.003 | Protected User Data: Contact List | Android/Chuli.A stole contact list data stored both on the phone and the SIM card.[1]
Mobile | T1636.004 | Protected User Data: SMS Messages | Android/Chuli.A stole SMS message content.[1]
Mobile | T1426 | System Information Discovery | Android/Chuli.A gathered system information including phone number, OS version, phone model, and SDK version.[1]