X-Agent for Android

X-Agent for Android is Android malware that was placed in a repackaged version of a Ukrainian artillery targeting application. The malware reportedly retrieved general location data on where the victim device was used, and therefore could likely indicate the potential location of Ukrainian artillery. [1] Is it tracked separately from the CHOPSTICK.

ID: S0314
Version: 1.0
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1430 Location Tracking

X-Agent for Android was believed to have been used to obtain locational data of Ukrainian artillery forces.[1]

Mobile T1655 .001 Masquerading: Match Legitimate Name or Location

X-Agent for Android was placed in a repackaged version of an application used by Ukrainian artillery forces.[1]

Groups That Use This Software

ID Name References
G0007 APT28