{"description": "Mobile techniques used by DCHSpy, ATT&CK software S1243 (v1.0)", "name": "DCHSpy (S1243)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1437", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has uploaded collected data to a Secure File Transfer Protocol (SFTP) server.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1532", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has compressed and encrypted collected data with a password from the C2 server.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1429", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has captured audio from the device by taking control of the microphone.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1533", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has collected files of interest on the device, including WhatsApp files.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1430", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has collected location data.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has masqueraded as legitimate applications, such as VPN and banking applications.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636", "showSubtechniques": true}, {"techniqueID": "T1636.002", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has accessed the device\u2019s call log.(Citation: Lookout_DCHSpy_July2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.003", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has accessed the device\u2019s contact list.(Citation: Lookout_DCHSpy_July2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.004", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has accessed the device\u2019s SMS messages, including messages that were in the inbox, sent, draft, outbox, failed, and queued.(Citation: Lookout_DCHSpy_July2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.005", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has collected account names and their types from the device.(Citation: Lookout_DCHSpy_July2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1409", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has collected files of interest on the device, including WhatsApp files.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1512", "comment": "[DCHSpy](https://attack.mitre.org/software/S1243) has captured photos from the device by taking control of the camera.(Citation: Lookout_DCHSpy_July2025) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by DCHSpy", "color": "#66b1ff"}]}