This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.

SOFTWARE

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

Hacking Team UEFI Rootkit

Imminent Monitor

IronNetInjector

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

RemoteUtilities

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

SOFTWARE

1-9

A-B

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

C-D

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

E-F

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

G-H

Hacking Team UEFI Rootkit

I-J

Imminent Monitor

IronNetInjector

K-L

M-N

O-P

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

Q-R

RemoteUtilities

S-T

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

U-V

W-X

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

Y-Z

BrainTest

BrainTest is a family of Android malware. ^[1] ^[2]

ID: S0293

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 1.1

Created: 25 October 2017

Last Modified: 11 December 2018

Techniques Used

Domain	ID		Name	Use
Mobile	T1407		Download New Code at Runtime	Original samples of BrainTest download their exploit packs for rooting from a remote server after installation.^[2]
Mobile	T1404		Exploit OS Vulnerability	Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples.^[2]
Mobile	T1452		Manipulate App Store Rankings or Ratings	BrainTest provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.^[2]
Mobile	T1400		Modify System Partition	BrainTest uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.^[2]
Mobile	T1406		Obfuscated Files or Information	BrainTest stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.^[2]

References

Andrey Polkovnichenko and Alon Boxiner. (2015, September 21). BrainTest – A New Level of Sophistication in Mobile Malware. Retrieved December 21, 2016.

Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.