ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A is Android malware that is unique because it uses encrypted content within a blog site for command and control. [1]

ID: S0310
Type: MALWARE
Platforms: Android

Version: 1.2

Techniques Used

DomainIDNameUse
MobileT1419Device Type DiscoveryANDROIDOS_ANSERVER.A gathers the device build version, manufacturer, and model.[2]
MobileT1426System Information DiscoveryANDROIDOS_ANSERVER.A gathers the device OS version.[2]
MobileT1421System Network Connections Discovery ANDROIDOS_ANSERVER.A gathers the device IMEI and IMSI.[2]
MobileT1481Web ServiceANDROIDOS_ANSERVER.A uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.[1]

References