ANDROIDOS_ANSERVER.A is Android malware that is unique because it uses encrypted content within a blog site for command and control.[1]

Domain | ID | Name | Use
---|---|---|---
Mobile | T1426 | System Information Discovery | ANDROIDOS_ANSERVER.A gathers the device OS version, device build version, manufacturer, and model.[2]
Mobile | T1422 | System Network Configuration Discovery | ANDROIDOS_ANSERVER.A gathers the device IMEI and IMSI.[2]
Mobile | T1481.001 | Web Service: Dead Drop Resolver | ANDROIDOS_ANSERVER.A uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.[1]