
Dendroid (ea3a8c25-4adb-4538-bf11-55259bdba15f)

Dendroid is malware that affects Android OS and targets the mobile platform. It was first discovered in early 2014 by Symantec and appeared for sale in the underground for $300. Among its noted features was the ability to hide from the emulators in use at the time. When first discovered in 2014 it was one of the most sophisticated Android remote administration tools known, and one of the first Trojan applications to get past Google's Bouncer; researchers warned that it made creating Android malware easier. It also appears to have followed in the footsteps of Zeus and SpyEye by offering simple-to-use command and control panels. The code appeared to be leaked somewhere around 2014. The leak was noted to include an APK binder, which provided a simple way to bind Dendroid to legitimate applications.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | Dendroid (ea3a8c25-4adb-4538-bf11-55259bdba15f) | RAT | 1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | 2
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | 2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | 2
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | 2
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | 2
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | 2
Dendroid - S0301 (317a2c10-d489-431e-b6b2-f0251fddc88e) | Malware | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | 3
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 3
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) | Attack Pattern | 3
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 3