{"description": "Mobile techniques used by Exobot, ATT&CK software S0522 (v1.0)", "name": "Exobot (S0522)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1626", "showSubtechniques": true}, {"techniqueID": "T1626.001", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1437", "showSubtechniques": true}, {"techniqueID": "T1437.001", "comment": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1642", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1624", "showSubtechniques": true}, {"techniqueID": "T1624.001", "comment": "[Exobot](https://attack.mitre.org/software/S0522) has registered to receive the `BOOT_COMPLETED` broadcast intent.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1417", "showSubtechniques": true}, {"techniqueID": "T1417.001", "comment": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users\u2019 credentials.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1417.002", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[Exobot](https://attack.mitre.org/software/S0522) has used names like WhatsApp and Netflix.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can access the device\u2019s contact list.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1604", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can open a SOCKS proxy connection through the compromised device.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1582", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "showSubtechniques": true}, {"techniqueID": "T1418.001", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1426", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device\u2019s country and carrier name.(Citation: Threat Fabric Exobot)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1422", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device\u2019s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1422.001", "comment": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device\u2019s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Exobot", "color": "#66b1ff"}]}