{"description": "Mobile techniques used by GoldenEagle, ATT&CK software S0551 (v1.0)", "name": "GoldenEagle (S0551)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1437", "showSubtechniques": true}, {"techniqueID": "T1437.001", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1429", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1533", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1407", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1646", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1420", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1430", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has inserted trojan functionality into legitimate apps, including popular apps within the Uyghur community, VPNs, instant messaging apps, social networking, games, adult media, and Google searching.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.002", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1513", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1582", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1409", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1632", "showSubtechniques": true}, {"techniqueID": "T1632.001", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1426", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1512", "comment": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by GoldenEagle", "color": "#66b1ff"}]}