Register to stream ATT&CKcon 2.0 October 29-30


Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment. [1]

ID: S0304
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log Android/Chuli.A stole call logs. [1]
Mobile T1432 Access Contact List Android/Chuli.A stole contact list data stored both on the the phone and the SIM card. [1]
Mobile T1438 Alternate Network Mediums Android/Chuli.A used SMS to receive command and control messages. [1]
Mobile T1412 Capture SMS Messages Android/Chuli.A stole SMS message content. [1]
Mobile T1476 Deliver Malicious App via Other Means Android/Chuli.A was delivered via a spearphishing message containing a malicious Android application as an attachment. [1]
Mobile T1419 Device Type Discovery Android/Chuli.A gathered device data including phone number, OS version, phone model, and SDK version. [1]
Mobile T1430 Location Tracking Android/Chuli.A stole geo-location data. [1]
Mobile T1437 Standard Application Layer Protocol Android/Chuli.A used HTTP uploads to a URL as a command and control mechanism. [1]