WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6)

WolfRAT is malware based on a leaked version of Dendroid that has primarily targeted Thai users. WolfRAT has most likely been operated by the now defunct organization Wolf Research.(Citation: Talos-WolfRAT)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 1 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 1 |
| System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | 1 |
| WolfRAT - S0489 (dfdac962-9461-47f0-a212-36dfce2a97e6) | Malware | Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | 1 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) | Attack Pattern | 2 |
| System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 2 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 2 |