{"description": "Mobile techniques used by eSurv, ATT&CK software S0507 (v1.1)", "name": "eSurv (S0507)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1429", "comment": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1533", "comment": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1407", "comment": "[eSurv](https://attack.mitre.org/software/S0507)\u2019s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1521", "showSubtechniques": true}, {"techniqueID": "T1521.002", "comment": "[eSurv](https://attack.mitre.org/software/S0507)\u2019s Android version has used public key encryption for C2 communication.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1521.003", "comment": "[eSurv](https://attack.mitre.org/software/S0507)\u2019s Android version has used certificate pinning for C2 communication.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1627", "showSubtechniques": true}, {"techniqueID": "T1627.001", "comment": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1646", "comment": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1430", "comment": "[eSurv](https://attack.mitre.org/software/S0507) can track the device\u2019s location.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device\u2019s contact list.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1426", "comment": "[eSurv](https://attack.mitre.org/software/S0507)\u2019s iOS version can collect device information.(Citation: Lookout eSurv)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by eSurv", "color": "#66b1ff"}]}