{"description": "Mobile techniques used by Ginp, ATT&CK software S0423 (v1.1)", "name": "Ginp (S0423)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "18", "navigator": "5.2.0"}, "techniques": [{"techniqueID": "T1533", "comment": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1628", "showSubtechniques": true}, {"techniqueID": "T1628.001", "comment": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1417", "showSubtechniques": true}, {"techniqueID": "T1417.002", "comment": "[Ginp](https://attack.mitre.org/software/S0423) can use a multi-step phishing overlay to capture banking credentials and then credit card numbers after login.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1516", "comment": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[Ginp](https://attack.mitre.org/software/S0423) has masqueraded as \u201cAdobe Flash Player\u201d and \u201cGoogle Play Verificator\u201d.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1406", "comment": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[Ginp](https://attack.mitre.org/software/S0423) can download the device\u2019s contact list.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1513", "comment": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1582", "comment": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1633", "showSubtechniques": true}, {"techniqueID": "T1633.001", "comment": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Ginp", "color": "#66b1ff"}]}