Domain | ID | Name | Use | |
---|---|---|---|---|
Mobile | T1517 | Access Notifications | ||
Mobile | T1429 | Audio Capture | ||
Mobile | T1616 | Call Control | ||
Mobile | T1533 | Data from Local System |
Escobar can collect sensitive information, such as Google Authenticator codes.[1] |
|
Mobile | T1420 | File and Directory Discovery | ||
Mobile | T1630 | .001 | Indicator Removal on Host: Uninstall Malicious Application | |
Mobile | T1417 | .001 | Input Capture: Keylogging | |
.002 | Input Capture: GUI Input Capture | |||
Mobile | T1430 | Location Tracking |
Escobar can request coarse and fine location permissions to track the device.[1] |
|
Mobile | T1461 | Lockscreen Bypass |
Escobar can request the |
|
Mobile | T1636 | .002 | Protected User Data: Call Log | |
.004 | Protected User Data: SMS Messages | |||
Mobile | T1663 | Remote Access Software |
Escobar can use VNC to remotely control an infected device.[1] |
|
Mobile | T1582 | SMS Control | ||
Mobile | T1409 | Stored Application Data |
Escobar can request the |
|
Mobile | T1512 | Video Capture |