Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment.[1]

ID: S0304
Platforms: Android
Version: 1.1

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1433 | Access Call Log | Android/Chuli.A stole call logs.[1] |
| Mobile | T1432 | Access Contact List | Android/Chuli.A stole contact list data stored both on the phone and the SIM card.[1] |
| Mobile | T1438 | Alternate Network Mediums | Android/Chuli.A used SMS to receive command and control messages.[1] |
| Mobile | T1412 | Capture SMS Messages | Android/Chuli.A stole SMS message content.[1] |
| Mobile | T1476 | Deliver Malicious App via Other Means | Android/Chuli.A was delivered via a spearphishing message containing a malicious Android application as an attachment.[1] |
| Mobile | T1419 | Device Type Discovery | Android/Chuli.A gathered device data including phone number, OS version, phone model, and SDK version.[1] |
| Mobile | T1430 | Location Tracking | Android/Chuli.A stole geo-location data.[1] |
| Mobile | T1437 | Standard Application Layer Protocol | Android/Chuli.A used HTTP uploads to a URL as a command and control mechanism.[1] |