Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment. [1]

ID: S0304
Platforms: Android
Version: 1.2
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1437.001 | Application Layer Protocol: Web Protocols | Android/Chuli.A used HTTP uploads to a URL as a command and control mechanism.[1] |
| Mobile | T1430 | Location Tracking | Android/Chuli.A stole geo-location data.[1] |
| Mobile | T1644 | Out of Band Data | Android/Chuli.A used SMS to receive command and control messages.[1] |
| Mobile | T1636.002 | Protected User Data: Call Log | Android/Chuli.A stole call logs.[1] |
| Mobile | T1636.003 | Protected User Data: Contact List | Android/Chuli.A stole contact list data stored both on the phone and the SIM card.[1] |
| Mobile | T1636.004 | Protected User Data: SMS Messages | Android/Chuli.A stole SMS message content.[1] |
| Mobile | T1426 | System Information Discovery | Android/Chuli.A gathered system information including phone number, OS version, phone model, and SDK version.[1] |