Domain | ID | Name | Use |
---|---|---|---|
Mobile | T1433 | Access Call Log | |
Mobile | T1432 | Access Contact List | |
Mobile | T1512 | Capture Camera | |
Mobile | T1412 | Capture SMS Messages | |
Mobile | T1533 | Data from Local System | SilkBean can retrieve files from external storage and can collect browser data.[1] |
Mobile | T1447 | Delete Device Data | SilkBean can delete various pieces of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.[1] |
Mobile | T1407 | Download New Code at Runtime | SilkBean can install new applications which are obtained from the C2 server.[1] |
Mobile | T1420 | File and Directory Discovery | |
Mobile | T1478 | Install Insecure or Malicious Configuration | SilkBean has attempted to trick users into enabling installation of applications from unknown sources.[1] |
Mobile | T1430 | Location Tracking | |
Mobile | T1444 | Masquerade as Legitimate Application | SilkBean has been incorporated into trojanized applications, including Uyghur/Arabic focused keyboards, alphabets, and plugins, as well as official-looking Google applications.[1] |
Mobile | T1406 | Obfuscated Files or Information | SilkBean has hidden malicious functionality in a second stage file and has encrypted C2 server information.[1] |
Mobile | T1582 | SMS Control | |
Mobile | T1437 | Standard Application Layer Protocol | |
Mobile | T1521 | Standard Cryptographic Protocol |