{"description": "Mobile techniques used by INSOMNIA, ATT&CK software S0463 (v1.0)", "name": "INSOMNIA (S0463)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "18", "navigator": "5.2.0"}, "techniques": [{"techniqueID": "T1437", "showSubtechniques": true}, {"techniqueID": "T1437.001", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1634", "showSubtechniques": true}, {"techniqueID": "T1634.001", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device\u2019s keychain.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1533", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1456", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1404", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1430", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device\u2019s location.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1509", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1406", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1631", "showSubtechniques": true}, {"techniqueID": "T1631.001", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel\u2019s trust cache.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.002", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device\u2019s contact list.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1418", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1426", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device\u2019s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1422", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device\u2019s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1422.001", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device\u2019s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1422.002", "comment": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device\u2019s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by INSOMNIA", "color": "#66b1ff"}]}