This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.

SOFTWARE

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

Hacking Team UEFI Rootkit

Imminent Monitor

IronNetInjector

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

RemoteUtilities

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

SOFTWARE

1-9

A-B

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

C-D

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

E-F

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

G-H

Hacking Team UEFI Rootkit

I-J

Imminent Monitor

IronNetInjector

K-L

M-N

O-P

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

Q-R

RemoteUtilities

S-T

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

U-V

W-X

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

Y-Z

Skygofree

Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. ^[1]

ID: S0327

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 1.2

Created: 17 October 2018

Last Modified: 15 October 2019

Techniques Used

Domain	ID		Name	Use
Mobile	T1409		Access Stored Application Data	Skygofree has a capability to obtain files from other installed applications.^[1]
Mobile	T1438		Alternate Network Mediums	Skygofree can be controlled via binary SMS.^[1]
Mobile	T1429		Capture Audio	Skygofree can record audio via the microphone when an infected device is in a specified location.^[1]
Mobile	T1512		Capture Camera	Skygofree can record video or capture photos when an infected device is in a specified location.^[1]
Mobile	T1407		Download New Code at Runtime	Skygofree can download executable code from the C2 server after the implant starts or after a specific command.^[1]
Mobile	T1404		Exploit OS Vulnerability	Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.^[1]
Mobile	T1430		Location Tracking	Skygofree can track the device's location.^[1]
Mobile	T1437		Standard Application Layer Protocol	Skygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.^[1]

References

Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.