{"description": "Mobile techniques used by Stealth Mango, ATT&CK software S0328 (v1.3)", "name": "Stealth Mango (S0328)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1429", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1533", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1456", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1430", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1644", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.001", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.002", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1582", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1474", "showSubtechniques": true}, {"techniqueID": "T1474.003", "comment": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1422", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1512", "comment": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Stealth Mango", "color": "#66b1ff"}]}