ViperRAT

ViperRAT is sophisticated surveillanceware that has been in operation since at least 2015 and was used to target the Israeli Defense Force.[1]

ID: S0506
Type: MALWARE
Platforms: Android
Version: 1.0
Created: 11 September 2020
Last Modified: 29 September 2020

Techniques Used

Domain ID Name Use
Mobile T1433 Access Call Log

ViperRAT can collect the device’s call log.[1]

Mobile T1432 Access Contact List

ViperRAT can collect the device’s contact list.[1]

Mobile T1429 Capture Audio

ViperRAT can collect and record audio content.[1]

Mobile T1512 Capture Camera

ViperRAT can take photos with the device camera.[1]

Mobile T1412 Capture SMS Messages

ViperRAT can collect SMS messages.[1]

Mobile T1533 Data from Local System

ViperRAT can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.[1]

Mobile T1476 Deliver Malicious App via Other Means

ViperRAT has been distributed through 3rd party websites.[1]

Mobile T1407 Download New Code at Runtime

ViperRAT has been installed in two stages and can secretly install new applications.[1]

Mobile T1430 Location Tracking

ViperRAT can track the device’s location.[1]

Mobile T1444 Masquerade as Legitimate Application

ViperRAT’s second stage has masqueraded as "System Updates", "Viber Update", and "WhatsApp Update".[1]

Mobile T1507 Network Information Discovery

ViperRAT can collect the device’s cell tower information.[1]

Mobile T1426 System Information Discovery

ViperRAT can collect system information, including brand, manufacturer, and serial number.[1]

Mobile T1422 System Network Configuration Discovery

ViperRAT can collect network configuration data from the device, including phone number, SIM operator, and network operator.[1]

References