{ "id": "6c857718-8a26-47d4-867f-152761c52ef4", "created_at": "2026-04-06T00:17:38.9275Z", "updated_at": "2026-04-10T03:30:33.304709Z", "deleted_at": null, "sha1_hash": "83ba9aab64fe4a1d21d20ef81dd28ef1a681c0ce", "title": "Dendroid (malware)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 59846, "plain_text": "Dendroid (malware)\r\nBy Contributors to Wikimedia projects\r\nPublished: 2016-05-02 · Archived: 2026-04-02 10:42:49 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nDendroid is malware that affects mobile devices that run Android.[1]\r\nIt was first discovered in early 2014 by Symantec and appeared in the underground for sale for $300.[2] Certain\r\nfeatures were noted as being used in Dendroid, such as the ability to hide from emulators at the time.[3] When first\r\ndiscovered in 2014 it was one of the most sophisticated Android remote administration tools known at that time.[4]\r\nIt was one of the first Trojan applications to get past Google's Bouncer and caused researchers to warn about it\r\nbeing easier to create Android malware due to it.[5] It also seems to have followed in the footsteps of Zeus and\r\nSpyEye by having simple-to-use command and control panels.[6] The code appeared to be leaked somewhere\r\naround 2014.[7] It was noted that an apk binder was included in the leak, which provided a simple way to bind\r\nDendroid to legitimate applications.\r\nIt is capable of:\r\nDeleting call logs\r\nOpening web pages\r\nDialing any number\r\nRecording calls\r\nSMS intercepting\r\nUploading images and video\r\nOpening an application\r\nPerforming denial-of-service attacks\r\nChanging the command and control server[8]\r\nBotnet\r\nBrain Test\r\nMirai\r\nShedun\r\nZombie (computer science)\r\n1. ^ Coogan, Peter (5 March 2014). \"Android RATs Branch out with Dendroid\". Symantec. Retrieved 23\r\nOctober 2016.\r\n2. ^ Paganini, Pierluigi (March 7, 2014). \"Dendroid – A new Android RAT available on the underground\".\r\nsecurityaffairs.co. Retrieved 23 October 2016.\r\n3. ^ Leder, Felix (May 27, 2014). \"Dendroid under the hood – A look inside an Android RAT kit\". Blue Coat\r\nLabs. Retrieved 23 October 2016.\r\nhttps://en.wikipedia.org/wiki/Dendroid_(malware)\r\nPage 1 of 2\n\n4. ^ Zorz, Zeljka (March 7, 2014). \"Dendroid spying RAT malware found on Google Play\".\r\nhelpnetsecurity.com. Retrieved 23 October 2016.\r\n5. ^ \"New crimeware tool Dendroid makes it easier to create Android malware, researchers warn\". PC\r\nWorld. Mar 6, 2014. Retrieved 23 October 2016.\r\n6. ^ \"Source Code leaks for Android RAT Dendroid\". mysonicwall.com. Aug 29, 2014. Retrieved 23 October\r\n2016.\r\n7. ^ Kovacs, Eduard (20 August 2014). \"Source Code of Android RAT Dendroid Leaked Online\".\r\nsecurityweek.com. Retrieved 23 October 2016.\r\n8. ^ Wei, Wang (March 5, 2014). \"Symantec discovered Android Malware Toolkit named Dendroid\".\r\nthehackernews.com. Retrieved 23 October 2016.\r\nSource: https://en.wikipedia.org/wiki/Dendroid_(malware)\r\nhttps://en.wikipedia.org/wiki/Dendroid_(malware)\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://en.wikipedia.org/wiki/Dendroid_(malware)" ], "report_names": [ "Dendroid_(malware)" ], "threat_actors": [ { "id": "75108fc1-7f6a-450e-b024-10284f3f62bb", "created_at": "2024-11-01T02:00:52.756877Z", "updated_at": "2026-04-10T02:00:05.273746Z", "deleted_at": null, "main_name": "Play", "aliases": null, "source_name": "MITRE:Play", "tools": [ "Nltest", "AdFind", "PsExec", "Wevtutil", "Cobalt Strike", "Playcrypt", "Mimikatz" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434658, "ts_updated_at": 1775791833, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/83ba9aab64fe4a1d21d20ef81dd28ef1a681c0ce.pdf", "text": "https://archive.orkl.eu/83ba9aab64fe4a1d21d20ef81dd28ef1a681c0ce.txt", "img": "https://archive.orkl.eu/83ba9aab64fe4a1d21d20ef81dd28ef1a681c0ce.jpg" } }