Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment. [1]

ID: S0304
Platforms: Android

Version: 1.1

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1433 | Access Call Log | Android/Chuli.A stole call logs.[1] |
| Mobile | T1432 | Access Contact List | Android/Chuli.A stole contact list data stored both on the phone and the SIM card.[1] |
| Mobile | T1438 | Alternate Network Mediums | Android/Chuli.A used SMS to receive command and control messages.[1] |
| Mobile | T1412 | Capture SMS Messages | Android/Chuli.A stole SMS message content.[1] |
| Mobile | T1476 | Deliver Malicious App via Other Means | Android/Chuli.A was delivered via a spearphishing message containing a malicious Android application as an attachment.[1] |
| Mobile | T1419 | Device Type Discovery | Android/Chuli.A gathered device data including phone number, OS version, phone model, and SDK version.[1] |
| Mobile | T1430 | Location Tracking | Android/Chuli.A stole geo-location data.[1] |
| Mobile | T1437 | Standard Application Layer Protocol | Android/Chuli.A used HTTP uploads to a URL as a command and control mechanism.[1] |