ViperRAT
ID: S0506
ⓘ
Type: MALWARE
ⓘ
Platforms: Android
Version: 1.0
Created: 11 September 2020
Last Modified: 29 September 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Mobile | T1429 | Audio Capture | ||
| Mobile | T1533 | Data from Local System |
ViperRAT can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.[1] |
|
| Mobile | T1407 | Download New Code at Runtime |
ViperRAT has been installed in two stages and can secretly install new applications.[1] |
|
| Mobile | T1430 | Location Tracking | ||
| Mobile | T1655 | .001 | Masquerading: Match Legitimate Name or Location |
ViperRAT’s second stage has masqueraded as "System Updates", "Viber Update", and "WhatsApp Update".[1] |
| Mobile | T1636 | .002 | Protected User Data: Call Log | |
| .003 | Protected User Data: Contact List | |||
| .004 | Protected User Data: SMS Messages | |||
| Mobile | T1426 | System Information Discovery |
ViperRAT can collect system information, including brand, manufacturer, and serial number.[1] |
|
| Mobile | T1422 | System Network Configuration Discovery |
ViperRAT can collect network configuration data from the device, including phone number, SIM operator, and network operator.[1] |
|
| .001 | Internet Connection Discovery |
ViperRAT can collect network configuration data from the device, including phone number, SIM operator, and network operator.[1] |
||
| Mobile | T1421 | System Network Connections Discovery |
ViperRAT can collect the device’s cell tower information.[1] |
|
| Mobile | T1512 | Video Capture | ||