Android Analysis Report CovidCheck lu_v1.0.1_apkpure.com.apk

Overview

General Information

Sample Name: CovidCheck lu_v1.0.1_apkpure.com.apk
Analysis ID: 434757
MD5: e09155c29931fb4eb6630f63c39a8091
SHA1: 6c862a6b95922f6e42a4bb034fdac46b0230fe60
SHA256: 517841e7483589dd7c6bcb6526c8310da48ca4cdac8099e0b0eb232e1bd253d7
Detection

Score: 27
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Drops a new APK file
Accesses android OS build fields
Checks an internet connection is available
Checks if debugger is running
Detected TCP or UDP traffic on non-standard ports
Enables or disables WIFI
Has permission to take photos
Lists and deletes files in the same context
Modifies WIFI configuration
Opens an internet connection
Queries camera information
Queries several sensitive phone informations
Queries the list of configured WIFI access points
Removes or disables configured WIFI access points
Requests potentially dangerous permissions
Uses reflection

Classification

Yara Overview

No yara matches

Signature Overview

Source: unknownHTTPS traffic detected: 142.250.185.67:443 -> 192.168.2.30:54574 version: TLS 1.2
Source: unknownHTTPS traffic detected: 212.66.64.155:443 -> 192.168.2.30:34988 version: TLS 1.2
Source: unknownHTTPS traffic detected: 212.66.64.155:443 -> 192.168.2.30:34990 version: TLS 1.2
Source: com.google.zxing.client.android.encode.EncodeActivity;->share:19API Call: android.os.Environment.getExternalStorageDirectory
Source: org.apache.cordova.file.DirectoryManager;->getFreeExternalStorageSpace:11API Call: android.os.Environment.getExternalStorageState
Source: org.apache.cordova.file.DirectoryManager;->getFreeExternalStorageSpace:14API Call: android.os.Environment.getExternalStorageDirectory
Source: org.apache.cordova.file.DirectoryManager;->testFileExists:23API Call: android.os.Environment.getExternalStorageDirectory
Source: org.apache.cordova.file.DirectoryManager;->testSaveLocationExists:27API Call: android.os.Environment.getExternalStorageState
Source: org.apache.cordova.file.FileUtils;->requestAllPaths:152API Call: android.os.Environment.getExternalStorageState
Source: org.apache.cordova.file.FileUtils;->requestAllPaths:169API Call: android.os.Environment.getExternalStorageDirectory
Source: org.apache.cordova.file.FileUtils;->getAvailableFileSystems:373API Call: android.os.Environment.getExternalStorageState
Source: org.apache.cordova.file.FileUtils;->getAvailableFileSystems:381API Call: android.os.Environment.getExternalStorageDirectory
Source: org.apache.cordova.file.FileUtils;->initialize:423API Call: android.os.Environment.getExternalStorageState
Source: org.apache.cordova.file.FileUtils;->initialize:426API Call: android.os.Environment.getExternalStorageDirectory
Source: org.apache.cordova.file.FileUtils;->initialize:429API Call: android.os.Environment.getExternalStorageDirectory
Source: org.apache.cordova.file.LocalFilesystem;->isPublicDirectory:70API Call: android.os.Environment.getExternalStorageDirectory
Source: com.google.zxing.client.android.history.HistoryManager;->saveHistory:27API Call: android.os.Environment.getExternalStorageDirectory
Source: com.google.zxing.client.android.wifi.WifiConfigManager;->doInBackground:125API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.google.zxing.client.android.wifi.WifiConfigManager;->doInBackground:135API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: global trafficTCP traffic: 192.168.2.30:56068 -> 8.8.4.4:853
Source: com.google.zxing.client.android.wifi.WifiConfigManager;->doInBackground:130API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.google.zxing.client.android.wifi.WifiConfigManager;->updateNetwork:96API Call: android.net.wifi.WifiManager.saveConfiguration
Source: com.google.zxing.client.android.wifi.WifiConfigManager;->updateNetwork:107API Call: android.net.wifi.WifiManager.saveConfiguration
Source: com.silkimen.http.HttpRequest$ConnectionFactory$1;->create:2API Call: java.net.URL.openConnection
Source: com.google.zxing.client.android.HttpHelper;->safelyOpenConnection:76API Call: java.net.URL.openConnection (not executed)
Source: org.apache.cordova.CordovaResourceApi;->createHttpConnection:92API Call: java.net.URL.openConnection (not executed)
Source: org.apache.cordova.CordovaResourceApi;->getMimeType:96API Call: java.net.URL.openConnection (not executed)
Source: org.apache.cordova.CordovaResourceApi;->openForRead:140API Call: java.net.URL.openConnection (not executed)
Source: com.silkimen.http.HttpRequest$ConnectionFactory$1;->create:3API Call: java.net.URL.openConnection (not executed)
Source: com.ionicframework.cordova.webview.WebViewLocalServer;->handleProxyRequest:139API Call: java.net.URL.openConnection (not executed)
Source: com.google.zxing.client.android.wifi.WifiConfigManager;->updateNetwork:95API Call: android.net.wifi.WifiManager.removeNetwork
Source: unknownTCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.186.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.186.42
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.15.188
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.186.46
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.124.175
Source: androidString found in binary or memory: http://books.google.
Source: config.xmlString found in binary or memory: http://cordova.apache.org/ns/1.0
Source: index.html, license.htmlString found in binary or memory: http://github.com/zxing/zxing
Source: androidString found in binary or memory: http://google.com/books
Source: header-bg.pngString found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: androidString found in binary or memory: http://maps.google.
Source: header-bg.pngString found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: barcodescanner.jsString found in binary or memory: http://opensource.org/licenses/alphabetical
Source: notification_action_background.xml, config.xml, help.xml, search_book_contents_list_item.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Source: apache-license.txtString found in binary or memory: http://www.apache.org/licenses/
Source: splashscreen.js, apache-license.txtString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: license.htmlString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: header-bg.pngString found in binary or memory: http://www.gimp.org/xmp/
Source: androidString found in binary or memory: http://www.google.
Source: androidString found in binary or memory: http://www.google.com/books?id=
Source: androidString found in binary or memory: http://www.google.com/books?vid=isbn
Source: sharing.htmlString found in binary or memory: http://zxing.appspot.com/generator/
Source: androidString found in binary or memory: http://zxing.appspot.com/scan
Source: androidString found in binary or memory: https://dgc-verification-prod.incert.lu/api/get-certificates
Source: androidString found in binary or memory: https://dgc-verification-prod.incert.lu/api/get-schemas
Source: config.xmlString found in binary or memory: https://incert.lu
Source: androidString found in binary or memory: https://ssl.gstatic.com/accessibility/javascript/android/
Source: androidString found in binary or memory: https://www.google.
Source: androidString found in binary or memory: https://www.googleapis.com/books/v1/volumes?q=isbn:
Source: com.google.zxing.client.android.HttpHelper;->safelyConnect:72API Call: java.net.HttpURLConnection.connect
Source: unknownNetwork traffic detected: HTTP traffic on port 39602 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54808
Source: unknownNetwork traffic detected: HTTP traffic on port 34988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34988
Source: unknownNetwork traffic detected: HTTP traffic on port 50870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54574
Source: unknownNetwork traffic detected: HTTP traffic on port 42848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54574 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34990
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42848
Source: unknownNetwork traffic detected: HTTP traffic on port 34990 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50458 -> 443
Source: submitted apkRequest permission: android.permission.CAMERA
Source: org.apache.cordova.file.LocalFilesystem;->removeDirRecursively:214API Calls in same method context: File.listFiles,File.delete
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: classification engineClassification label: sus27.andAPK@0/253@0/0
Source: com.ionicframework.cordova.webview.IonicWebViewEngine;->init:90API Call: "serverBasePath": null
Source: com.ionicframework.cordova.webview.IonicWebViewEngine;->isNewBinary:27API Call: "lastBinaryVersionCode": null
Source: com.ionicframework.cordova.webview.IonicWebViewEngine;->isNewBinary:29API Call: "lastBinaryVersionName": null
Source: com.google.zxing.client.android.BeepManager;->shouldBeep:22API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.BeepManager;->updatePrefs:45API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.CaptureActivity;->handleDecodeInternally:170API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.CaptureActivity;->handleDecodeInternally:232API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.CaptureActivity;->handleDecode:328API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.CaptureActivity;->onResume:468API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.DecodeThread;-><init>:9API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.DecodeThread;-><init>:13API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.DecodeThread;-><init>:17API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.DecodeThread;-><init>:21API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.DecodeThread;-><init>:25API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.DecodeThread;-><init>:29API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.LocaleManager;->getCountry:200API Call: android.content.SharedPreferences.getString
Source: com.google.zxing.client.android.camera.AutoFocusManager;-><init>:13API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.camera.CameraConfigurationManager;->doSetTorch:7API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.camera.CameraConfigurationManager;->setDesiredCameraParameters:145API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.camera.CameraConfigurationManager;->setDesiredCameraParameters:147API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.camera.CameraConfigurationManager;->setDesiredCameraParameters:150API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.camera.CameraConfigurationManager;->setDesiredCameraParameters:153API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.camera.CameraConfigurationManager;->setDesiredCameraParameters:156API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.camera.FrontLightMode;->readPref:15API Call: android.content.SharedPreferences.getString
Source: com.google.zxing.client.android.history.HistoryManager;-><init>:12API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.history.HistoryManager;->addHistoryItem:83API Call: android.content.SharedPreferences.getBoolean
Source: com.google.zxing.client.android.result.ResultHandler;->parseCustomSearchURL:21API Call: android.content.SharedPreferences.getString
Source: com.google.zxing.client.android.AmbientLightManager;->start:14API Call: android.hardware.SensorManager.registerListener
Source: org.apache.cordova.statusbar.StatusBar;->access$100:3API Call: Real call: public void com.android.internal.policy.PhoneWindow.setStatusBarColor(int)
Source: org.apache.cordova.splashscreen.SplashScreen;->access$000:7API Call: Real call: public android.view.View org.apache.cordova.CordovaWebViewImpl.getView()
Source: org.apache.cordova.splashscreen.SplashScreen;->getView:51API Call: org.apache.cordova.CordovaWebViewImpl.getView
Source: org.apache.cordova.splashscreen.SplashScreen;->getView:51API Call: Real call: public android.view.View org.apache.cordova.CordovaWebViewImpl.getView()
Source: org.apache.cordova.BuildHelper;->getBuildConfigValue:12API Call: java.lang.reflect.Field.get
Source: org.apache.cordova.CoreAndroid;->getBuildConfigValue:14API Call: java.lang.reflect.Field.get
Source: org.apache.cordova.statusbar.StatusBar;->setStatusBarBackgroundColor:20API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Drops a new APK file
Source: Android AppFile dump: /data/app/lu.etat.ci.dcc.android-X2JZ6XtM8Sp4rGHBCtjXpA==/base.apk
Source: org.apache.cordova.engine.SystemWebViewEngine;->init:120Field Access: android.os.Build.MANUFACTURER
Source: org.apache.cordova.device.Device;->getPlatform:30Field Access: android.os.Build.MANUFACTURER
Source: org.apache.cordova.device.Device;->execute:14Field Access: android.os.Build.MODEL
Source: org.apache.cordova.device.Device;->execute:17Field Access: android.os.Build.MANUFACTURER
Source: org.apache.cordova.device.Device;->execute:20Field Access: android.os.Build.FINGERPRINT
Source: org.apache.cordova.device.Device;->execute:20Field Access: android.os.Build.PRODUCT
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:12Field Access: android.os.Build.BOARD
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:17Field Access: android.os.Build.BRAND
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:22Field Access: android.os.Build.CPU_ABI
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:27Field Access: android.os.Build.DEVICE
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:32Field Access: android.os.Build.DISPLAY
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:37Field Access: android.os.Build.FINGERPRINT
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:42Field Access: android.os.Build.HOST
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:47Field Access: android.os.Build.ID
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:52Field Access: android.os.Build.MANUFACTURER
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:57Field Access: android.os.Build.MODEL
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:62Field Access: android.os.Build.PRODUCT
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:67Field Access: android.os.Build.TAGS
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:76Field Access: android.os.Build.TYPE
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:81Field Access: android.os.Build.USER
Source: com.google.zxing.client.android.camera.CameraConfigurationUtils;->collectStats:96Field Access: android.os.Build$VERSION.RELEASE
Source: org.apache.cordova.device.Device;->getManufacturer:27Field Access: android.os.Build.MANUFACTURER
Source: org.apache.cordova.device.Device;->getModel:28Field Access: android.os.Build.MODEL
Source: org.apache.cordova.device.Device;->getOSVersion:29Field Access: android.os.Build$VERSION.RELEASE
Source: org.apache.cordova.device.Device;->getProductName:33Field Access: android.os.Build.PRODUCT
Source: org.apache.cordova.device.Device;->getSDKVersion:34Field Access: android.os.Build$VERSION.SDK
Source: org.apache.cordova.device.Device;->isAmazonDevice:45Field Access: android.os.Build.MANUFACTURER
Source: org.apache.cordova.device.Device;->isVirtual:48Field Access: android.os.Build.FINGERPRINT
Source: org.apache.cordova.device.Device;->isVirtual:51Field Access: android.os.Build.PRODUCT
Source: org.apache.cordova.engine.SystemWebViewEngine;->initWebViewSettings:25Field Access: android.os.Build.MANUFACTURER
Source: Lorg/apache/cordova/device/Device;->getPlatform()Ljava/lang/String;Method string: "android"
Source: Lcom/phonegap/plugins/barcodescanner/BarcodeScanner;->execute(Ljava/lang/String;Lorg/json/JSONArray;Lorg/apache/cordova/CallbackContext;)ZMethod string: "type"
Source: Lorg/apache/cordova/device/Device;->execute(Ljava/lang/String;Lorg/json/JSONArray;Lorg/apache/cordova/CallbackContext;)ZMethod string: "version"
Source: Lorg/apache/cordova/device/Device;->execute(Ljava/lang/String;Lorg/json/JSONArray;Lorg/apache/cordova/CallbackContext;)ZMethod string: "manufacturer"
Source: Lorg/apache/cordova/device/Device;->execute(Ljava/lang/String;Lorg/json/JSONArray;Lorg/apache/cordova/CallbackContext;)ZMethod string: "model"
Source: Lorg/apache/cordova/device/Device;->isVirtual()ZMethod string: "sdk"
Source: org.apache.cordova.PluginManager;-><clinit>:1API Call: android.os.Debug.isDebuggerConnected
Source: com.google.zxing.client.android.CaptureActivity;->resetStatusView:282API Call: android.hardware.Camera.getNumberOfCameras
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->open:3API Call: android.hardware.Camera.getNumberOfCameras
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->open:8API Call: android.hardware.Camera.getCameraInfo
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->open:10API Call: android.hardware.Camera.getCameraInfo
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->open:20API Call: android.hardware.Camera.open
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->open:38API Call: android.hardware.Camera.open
Source: com.google.zxing.client.android.camera.open.OpenCameraInterface;->open:40API Call: android.hardware.Camera.getCameraInfo
Source: com.google.zxing.client.android.wifi.WifiConfigManager;->findNetworkInExistingConfig:71API Call: android.net.wifi.WifiManager.getConfiguredNetworks

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | System Network Connections Discovery 1 | Remote Services | Network Information Discovery 2 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Delete Device Data 1
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | System Information Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data