Android/Chuli.A

Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment. [1]

ID: S0304
Type: MALWARE
Platforms: Android
Version: 1.2

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log

Android/Chuli.A stole call logs.[1]

Mobile T1432 Access Contact List

Android/Chuli.A stole contact list data stored both on the the phone and the SIM card.[1]

Mobile T1438 Alternate Network Mediums

Android/Chuli.A used SMS to receive command and control messages.[1]

Mobile T1412 Capture SMS Messages

Android/Chuli.A stole SMS message content.[1]

Mobile T1476 Deliver Malicious App via Other Means

Android/Chuli.A was delivered via a spearphishing message containing a malicious Android application as an attachment.[1]

Mobile T1430 Location Tracking

Android/Chuli.A stole geo-location data.[1]

Mobile T1437 Standard Application Layer Protocol

Android/Chuli.A used HTTP uploads to a URL as a command and control mechanism.[1]

Mobile T1426 System Information Discovery

Android/Chuli.A gathered system information including phone number, OS version, phone model, and SDK version.[1]

References