{"description": "Mobile techniques used by Sunbird, ATT&CK software S1082 (v1.0)", "name": "Sunbird (S1082)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "18", "navigator": "5.2.0"}, "techniques": [{"techniqueID": "T1626", "showSubtechniques": true}, {"techniqueID": "T1626.001", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can request device administrator privileges. (Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1532", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate collected data as a ZIP file.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1429", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can record environmental and call audio.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1623", "showSubtechniques": true}, {"techniqueID": "T1623.001", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can try to run arbitrary commands as root.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1533", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can access images stored on external storage.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1646", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate compressed ZIP files containing gathered info to C2 infrastructure.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1544", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can download adversary specified content from FTP shares.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1430", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can access a device\u2019s location.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.001", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate calendar information.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.002", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate call logs.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate a device's contacts.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1513", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can take screenshots and abuse accessibility services to scrape BlackBerry Messenger and WhatsApp messages, contacts, and notifications(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate a list of installed applications.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1409", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate browser history, BlackBerry Messenger files, IMO instant messaging content, and WhatsApp voice notes.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1426", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate the victim device ID, model, manufacturer, and Android version.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1422", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate phone number and IMEI.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1512", "comment": "[Sunbird](https://attack.mitre.org/software/S1082) can access a device\u2019s camera and take photos.(Citation: lookout_hornbill_sunbird_0221)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Sunbird", "color": "#66b1ff"}]}