Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)

Bread was a large-scale billing fraud malware family known for employing many different cloaking and obfuscation techniques in an attempt to continuously evade Google Play Store’s malware detection. 1,700 unique Bread apps were detected and removed from the Google Play Store before being downloaded by users.(Citation: Google Bread)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2)	Attack Pattern	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	1
Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	1
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	1
Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467)	Attack Pattern	1
Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	Native API - T1575 (52eff1c7-dd30-4121-b762-24ae6fa61bbb)	Attack Pattern	1
Bread - S0432 (108b2817-bc01-404e-8e1b-8cdeec846326)	Malware	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	2
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	2