Escobar
ID: S1092
ⓘ
Type: MALWARE
ⓘ
Platforms: Android
Contributors: Pooja Natarajan, NEC Corporation India; Hiroki Nagahama, NEC Corporation; Manikantan Srinivasan, NEC Corporation India
Version: 1.0
Created: 28 September 2023
Last Modified: 11 October 2023
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Mobile | T1517 | Access Notifications | ||
| Mobile | T1429 | Audio Capture | ||
| Mobile | T1616 | Call Control | ||
| Mobile | T1533 | Data from Local System | Escobar can collect sensitive information, such as Google Authenticator codes.[1] | |
| Mobile | T1420 | File and Directory Discovery | ||
| Mobile | T1630 | .001 | Indicator Removal on Host:Uninstall Malicious Application | |
| Mobile | T1417 | .001 | Input Capture:Keylogging | |
| .002 | Input Capture:GUI Input Capture | |||
| Mobile | T1430 | Location Tracking | Escobar can request coarse and fine location permissions to track the device.[1] | |
| Mobile | T1461 | Lockscreen Bypass | Escobar can request the | |
| Mobile | T1636 | .002 | Protected User Data:Call Log | |
| .004 | Protected User Data:SMS Messages | |||
| Mobile | T1663 | Remote Access Software | Escobar can use VNC to remotely control an infected device.[1] | |
| Mobile | T1582 | SMS Control | ||
| Mobile | T1409 | Stored Application Data | Escobar can request the | |
| Mobile | T1512 | Video Capture | ||
References
×