ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A is Android malware that is unique because it uses encrypted content within a blog site for command and control. [1]

ID: S0310
Type: MALWARE
Platforms: Android
Version: 1.2

Techniques Used

Domain ID Name Use
Mobile T1419 Device Type Discovery ANDROIDOS_ANSERVER.A gathers the device build version, manufacturer, and model.[2]
Mobile T1426 System Information Discovery ANDROIDOS_ANSERVER.A gathers the device OS version.[2]
Mobile T1421 System Network Connections Discovery ANDROIDOS_ANSERVER.A gathers the device IMEI and IMSI.[2]
Mobile T1481 Web Service ANDROIDOS_ANSERVER.A uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.[1]

References