{"description": "Mobile techniques used by FakeSpy, ATT&CK software S0509 (v1.0)", "name": "FakeSpy (S0509)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1437", "showSubtechniques": true}, {"techniqueID": "T1437.001", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1624", "showSubtechniques": true}, {"techniqueID": "T1624.001", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1628", "showSubtechniques": true}, {"techniqueID": "T1628.001", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can hide its icon if it detects that it is being run on an emulator.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) masquerades as local postal service applications.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1406", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device\u2019s contact list.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect SMS messages.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1582", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1409", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1426", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1422", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1422.001", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1421", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device\u2019s network information.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1633", "showSubtechniques": true}, {"techniqueID": "T1633.001", "comment": "[FakeSpy](https://attack.mitre.org/software/S0509) can detect if it is running in an emulator and adjust its behavior accordingly.(Citation: Cybereason FakeSpy)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by FakeSpy", "color": "#66b1ff"}]}