
Mandrake

The MITRE Corporation · Published 17/12/2025 22:47 · Modified 27/03/2026 01:41 · Family

Essential information

Confidence: 100/100
Is family: Yes
Published: 17/12/2025 22:47
Modified: 27/03/2026 01:41
Revoked: No
Author / Source: The MITRE Corporation
Related entities: 25 attack patterns (mitre), 7 indicators, 1 report

Aliases

oxide, briar, ricinus, darkmatter

Description

[Mandrake](https://attack.mitre.org/software/S0485) is a sophisticated Android espionage platform that has been active in the wild since at least 2016. [Mandrake](https://attack.mitre.org/software/S0485) is very actively maintained, with sophisticated features and attacks that are executed with surgical precision. [Mandrake](https://attack.mitre.org/software/S0485) has gone undetected for several years by providing legitimate, ad-free applications with social media and real reviews to back the apps. The malware is only activated when the operators issue a specific command.(Citation: Bitdefender Mandrake)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references