| Command ID |
Function |
| cmd_10001 |
Collect mobile device information (including IMEI, IMSI, serial number, device brand, device model, OS version, memory size, SD card size, power, MAC address, WIFI MAC address, root permission, IP address, accessibility enabled, device manager enabled, NET type, client version, camera enabled, Bluetooth MAC address, camera information, plugin version, phone number, OS ID, microphone enabled) |
| cmd_10002 |
Collect installed APPs information (including APP name, package name, version, installed time, installed path, size, system app or not) |
| cmd_10003 |
Collect contacts information |
| cmd_10004 |
Collect content of SMS (Short Message Service) |
| cmd_10005 |
Record phone call |
| cmd_10006 |
Take a picture from front-facing camara |
| cmd_10008 |
Collect geolocation information from GPS and CDMA |
| cmd_10009 |
Collect phone call history |
| cmd_10010 |
Collect WIFI information (from local settings or by WIFI scanner) |
| cmd_10011 |
Collect directory information (including SD card, Pictures, DCIM, Downloads folders) |
| cmd_10012 |
Collect directory information from a specified folder |
| cmd_10013 |
Collect a file content from the device |
| cmd_10014 |
Collect browser bookmarks |
| cmd_10015 |
Collect a specified APP database |
| cmd_10016 |
Collect WeChat’s resource information |
| cmd_10018 |
Take a screenshot |
| cmd_10019 |
Record at a scheduled time |
| cmd_10021 |
A collective execution of cmd10005, cmd10006, cmd10008, cmd10011, cmd10015, cmd10016, and cmd10018 |
| cmd_10024 |
Collect clipboard data |
| cmd_10025 |
Collect input method information |
| cmd_10026 |
Collect messages from WeChat via Accessibility |
| cmd_10027 |
Collect messages from QQ via Accessibility |
| cmd_10028 |
Archive a file or a folder |
| cmd_10029 |
Collect messages from Skype via Accessibility |
| cmd_10030 |
Collect messages from WhatsApp via Accessibility |
| cmd_10031 |
Collect messages from DingTalk via Accessibility |
| cmd_10037 |
Collect messages from MOMO via Accessibility |
| cmd_10038 |
Collect messages from TalkBox via Accessibility |
| cmd_10039 |
Collect messages from Voxer via Accessibility |
| cmd_10043 |
Collect a specified APP resource information |
| cmd_10044 |
Collect messages from Telegram via Accessibility |
| cmd_20001 |
Download a URL |
| cmd_20002 |
Record phone call |
| cmd_20003 |
Collect WeChat’s resource information |
| cmd_20004 |
Execute a shell command |
| cmd_20005 |
Collect messages from WeChat via local database “EnMicroMsg.db” |
| cmd_99999 |
Uninstall backdoor |
Read More HERE
