{"description": "Mobile techniques used by HenBox, ATT&CK software S0544 (v1.0)", "name": "HenBox (S0544)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1429", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can access the device\u2019s microphone.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1623", "showSubtechniques": true}, {"techniqueID": "T1623.001", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can run commands as root.(Citation: Palo Alto HenBox) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1533", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1407", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1624", "showSubtechniques": true}, {"techniqueID": "T1624.001", "comment": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1430", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can track the device\u2019s location.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[HenBox](https://attack.mitre.org/software/S0544) has masqueraded as VPN and Android system apps.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1575", "comment": "[HenBox](https://attack.mitre.org/software/S0544) has contained native libraries.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1406", "comment": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1424", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.002", "comment": "[HenBox](https://attack.mitre.org/software/S0544) has collected all outgoing phone numbers that start with \u201c86\u201d.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can access the device\u2019s contact list.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1418", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1426", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1512", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can access the device\u2019s camera.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1633", "showSubtechniques": true}, {"techniqueID": "T1633.001", "comment": "[HenBox](https://attack.mitre.org/software/S0544) can detect if the app is running on an emulator.(Citation: Palo Alto HenBox)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by HenBox", "color": "#66b1ff"}]}