This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.
SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
WolfRAT
ID: S0489
ⓘ
Type: MALWARE
ⓘ
Platforms: Android
Version: 1.0
Created: 20 July 2020
Last Modified: 11 September 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Mobile | T1433 | Access Call Log | ||
| Mobile | T1432 | Access Contact List | ||
| Mobile | T1517 | Access Notifications | ||
| Mobile | T1418 | Application Discovery | ||
| Mobile | T1429 | Capture Audio | ||
| Mobile | T1512 | Capture Camera | ||
| Mobile | T1412 | Capture SMS Messages | ||
| Mobile | T1533 | Data from Local System |
WolfRAT can collect user account, photos, browser history, and arbitrary files.[1] |
|
| Mobile | T1447 | Delete Device Data | ||
| Mobile | T1407 | Download New Code at Runtime | ||
| Mobile | T1523 | Evade Analysis Environment | ||
| Mobile | T1444 | Masquerade as Legitimate Application |
WolfRAT has masqueraded as "Google service", "GooglePlay", and "Flash update".[1] |
|
| Mobile | T1406 | Obfuscated Files or Information | ||
| Mobile | T1424 | Process Discovery |
WolfRAT uses |
|
| Mobile | T1513 | Screen Capture |
WolfRAT can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.[1] |
|
| Mobile | T1582 | SMS Control | ||
| Mobile | T1422 | System Network Configuration Discovery |
WolfRAT sends the device’s IMEI with each exfiltration request.[1] |
|
References
×