This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.

SOFTWARE

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

Hacking Team UEFI Rootkit

Imminent Monitor

IronNetInjector

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

RemoteUtilities

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

SOFTWARE

1-9

A-B

Android/AdDisplay.Ashas

Android/Chuli.A

AndroidOS/MalLocker.B

ANDROIDOS_ANSERVER.A

AutoIt backdoor

Backdoor.Oldrea

C-D

Caterpillar WebShell

CSPY Downloader

Desert Scorpion

E-F

ECCENTRICBANDWAGON

Exaramel for Linux

Exaramel for Windows

G-H

Hacking Team UEFI Rootkit

I-J

Imminent Monitor

IronNetInjector

K-L

M-N

O-P

Olympic Destroyer

OSX_OCEANLOTUS.D

P.A.S. Webshell

Pass-The-Hash Toolkit

Pegasus for Android

Pegasus for iOS

Q-R

RemoteUtilities

S-T

ShimRatReporter

Trojan-SMS.AndroidOS.Agent.ao

Trojan-SMS.AndroidOS.FakeInst.a

Trojan-SMS.AndroidOS.OpFake.a

Trojan.Karagany

U-V

W-X

Windows Credential Editor

Winnti for Linux

Winnti for Windows

X-Agent for Android

XLoader for Android

XLoader for iOS

Y-Z

Zen

Zen is Android malware that was first seen in 2013.^[1]

ID: S0494

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 1.0

Created: 27 July 2020

Last Modified: 11 August 2020

Techniques Used

Domain	ID		Name	Use
Mobile	T1540		Code Injection	Zen can inject code into the Setup Wizard at runtime to extract CAPTCHA images. Zen can inject code into the `libc` of running processes to infect them with the malware.^[1]
Mobile	T1475		Deliver Malicious App via Authorized App Store	Zen has been distributed via the Google Play Store.^[1]
Mobile	T1407		Download New Code at Runtime	Zen can dynamically load executable code from remote sources.^[1]
Mobile	T1404		Exploit OS Vulnerability	Zen can obtain root access via a rooting trojan in its infection chain.^[1]
Mobile	T1472		Generate Fraudulent Advertising Revenue	Zen can simulate user clicks on ads.^[1]
Mobile	T1516		Input Injection	Zen can simulate user clicks on ads and system prompts to create new Google accounts.^[1]
Mobile	T1478		Install Insecure or Malicious Configuration	Zen can modify the SELinux enforcement mode.^[1]
Mobile	T1400		Modify System Partition	Zen can install itself on the system partition to achieve persistence. Zen can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.^[1]
Mobile	T1406		Obfuscated Files or Information	Zen base64 encodes one of the strings it searches for.^[1]

References

Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.