ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A is Android malware that is unique because it uses encrypted content within a blog site for command and control. [1]

ID: S0310
Type: MALWARE
Platforms: Android
Version: 1.3
Created: 25 October 2017
Last Modified: 15 October 2019

Techniques Used

Domain ID Name Use
Mobile T1426 System Information Discovery

ANDROIDOS_ANSERVER.A gathers the device OS version, device build version, manufacturer, and model.[2]

Mobile T1422 System Network Configuration Discovery

ANDROIDOS_ANSERVER.A gathers the device IMEI and IMSI.[2]

Mobile T1481 Web Service

ANDROIDOS_ANSERVER.A uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.[1]

References