mcma_malware/rag/corpus/malware_knowledge.txt
Commit cbbe164 (verified): Upload 28 files
Android malware often abuses READ_SMS to intercept OTP messages.
Communication with api.telegram.org is commonly used for C2 exfiltration.
Banking trojans abuse SMS permissions and use overlay attacks.
APK files requesting SMS and internet permissions are high risk.
Windows malware may use CreateRemoteThread for process injection.
Suspicious EXE files often establish persistence via registry Run keys.
C2 traffic over HTTPS to unknown domains is a red flag.
PowerShell abuse is common in post-exploitation.
MITRE T1406 refers to SMS Control.
MITRE T1055 refers to Process Injection.
MITRE T1059 refers to Command and Scripting Interpreter.