Take a look at Zimperium’s coverage against Android malware in Donot APT operations and extended indicators of compromise.
Analysis Summary
# Threat Actor: Donot APT
## Attribution & Identity
The threat actor is identified as the **Donot Advanced Persistent Threat (APT)** group. The analysis summarizes a recent campaign detailed in a publication by CYFIRMA.
## Activity Summary
The Donot APT group is conducting sophisticated Android malware campaigns distributing spyware. These operations utilize malicious applications and custom-built malware, combined with the exploitation of legitimate services, to achieve stealth and evade detection while stealing sensitive user information.
## Tactics, Techniques & Procedures
- Distribution via malicious applications.
- Deployment of custom-built malware (spyware).
- Exploitation of legitimate services to avoid detection.
- Capabilities include stealing sensitive user information and gaining unauthorized access to devices.
## Targeting
- Sectors: Not explicitly detailed beyond the nature of the infection vector (Android malware); sophisticated APTs of this kind typically target high-value entities.
- Geography: Not specified in the provided excerpt.
- Victims: No specific organizations are mentioned in this summary, only the confirmed use of Android malware samples.
## Tools & Infrastructure
- Malware families used: **Android spyware** (custom-built).
- Infrastructure (C2, domains, IPs): The deployment involves malicious **domains**, but specific defanged indicators are not present in this excerpt.
## Implications
Donot APT demonstrates a high degree of sophistication, leveraging custom tools and evasion techniques focused on mobile platforms (Android). The objective of stealing sensitive information poses a significant risk to targeted mobile users.
## Mitigations
- Maintaining detection coverage against sophisticated Android malware.
- Defense against mobile spyware distribution vectors (malicious apps).
- Implementing security solutions capable of detecting custom-built malware and exploitation techniques on mobile endpoints.