Version 15.1 → 16.0
Software — Mobile ATT&CK Changelog
Modified Software
| Description |
|---|
| [FinFisher](https://attack.mitre.org/software/S0182) is a government-grade commercial surveillance spyware reportedly sold exclusively to government agencies for use in targeted and lawful criminal investigations. It is heavily obfuscated and uses multiple anti-analysis techniques. It has other variants including [Wingbird](https://attack.mitre.org/software/S0176). (Citation: FinFisher Citation) (Citation: Microsoft SIR Vol 21) (Citation: FireEye FinSpy Sept 2017) (Citation: Securelist BlackOasis Oct 2017) (Citation: Microsoft FinFisher March 2018) |
Details
Dictionary Item Added
| Field | Old value | New value |
|---|---|---|
| x_mitre_deprecated | False |
Values Changed
| Field | Old value | New value |
|---|---|---|
| modified | 2022-03-02 15:47:13.329000+00:00 | 2024-09-12 17:23:46.687000+00:00 |
| external_references[3]['description'] | FinFisher. (n.d.). Retrieved December 20, 2017. | FinFisher. (n.d.). Retrieved September 12, 2024. |
| external_references[3]['url'] | http://www.finfisher.com/FinFisher/index.html | https://web.archive.org/web/20171222050934/http://www.finfisher.com/FinFisher/index.html |
| x_mitre_attack_spec_version | 2.1.0 | 3.2.0 |
| Description |
|---|
| [Anubis](https://attack.mitre.org/software/S0422) is Android malware that was originally used for cyber espionage, and has been retooled as a banking trojan.(Citation: Cofense Anubis) |
Details
Dictionary Item Added
| Field | Old value | New value |
|---|---|---|
| x_mitre_deprecated | False |
Values Changed
| Field | Old value | New value |
|---|---|---|
| modified | 2021-09-20 13:50:01.923000+00:00 | 2024-09-25 15:03:05.100000+00:00 |
| external_references[1]['description'] | M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020. | M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved September 25, 2024. |
| external_references[1]['url'] | https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/ | https://web.archive.org/web/20231222134431/https://cofense.com/blog/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/ |
| x_mitre_attack_spec_version | 2.1.0 | 3.2.0 |
| Description |
|---|
| [Exobot](https://attack.mitre.org/software/S0522) is Android banking malware, primarily targeting financial institutions in Germany, Austria, and France.(Citation: Threat Fabric Exobot) |
Details
Dictionary Item Added
| Field | Old value | New value |
|---|---|---|
| x_mitre_deprecated | False |
Values Changed
| Field | Old value | New value |
|---|---|---|
| modified | 2020-12-07 14:28:31.876000+00:00 | 2024-10-01 15:53:53.833000+00:00 |
| x_mitre_attack_spec_version | 2.1.0 | 3.2.0 |
Iterable Item Removed
| Field | Old value | New value |
|---|---|---|
| external_references | {'source_name': 'Proofpoint-Marcher', 'description': 'Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018.', 'url': 'https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks'} | |
| x_mitre_aliases | Marcher |
Deprecated Software
| Description |
|---|
| [Marcher](https://attack.mitre.org/software/S0317) is Android malware that is used for financial fraud. (Citation: Proofpoint-Marcher) |
Details
Dictionary Item Added
| Field | Old value | New value |
|---|---|---|
| x_mitre_aliases | ['Marcher'] | |
| x_mitre_deprecated | True |
Values Changed
| Field | Old value | New value |
|---|---|---|
| modified | 2022-10-24 15:09:07.609000+00:00 | 2024-09-30 18:57:47.266000+00:00 |
| x_mitre_attack_spec_version | 2.1.0 | 3.2.0 |