Matrices
Enterprise
Mobile
ICS
Tactics
Enterprise
Mobile
ICS
Techniques
Enterprise
Mobile
ICS
Defenses
Mitigations
Enterprise
Mobile
ICS
Assets
Detections
Detection Strategies
Analytics
Data Components
CTI
Groups
Software
Campaigns
Resources
Get Started
Learn More about ATT&CK
ATT&CKcon
ATT&CK Data & Tools
FAQ
Engage with ATT&CK
Version History
Updates
Legal & Branding
Benefactors
Blog
Search
ATT&CK v18 has been released! Check out the
blog post
or
changelog
for more information.
Home
Data Components
API Calls
API Calls
API calls utilized by an application that could indicate malicious activity
ID:
DC0112
Domains
: Mobile
Version
: 2.0
Created
: 13 March 2023
Last Modified
: 21 October 2025
Log Sources
Name
Channel
Application Vetting
None
Detection Strategy
ID
Name
Technique Detected
DET0652
Detection of Application Versioning
T1661
DET0643
Detection of Clipboard Data
T1414
DET0655
Detection of Command and Scripting Interpreter
T1623
DET0712
Detection of Compromise Client Software Binary
T1645
DET0704
Detection of Compromise Software Dependencies and Development Tools
T1474.001
DET0721
Detection of Compromise Software Supply Chain
T1474.003
DET0633
Detection of Credentials from Password Store
T1634
DET0671
Detection of Data Destruction
T1662
DET0678
Detection of Data Encrypted for Impact
T1471
DET0660
Detection of Data Manipulation
T1641
DET0618
Detection of Download New Code at Runtime
T1407
DET0653
Detection of Execution Guardrails
T1627
DET0665
Detection of Exploitation for Privilege Escalation
T1404
DET0637
Detection of Foreground Persistence
T1541
DET0648
Detection of Geofencing
T1627.001
DET0640
Detection of Hide Artifacts
T1628
DET0687
Detection of Impair Defenses
T1629
DET0664
Detection of Keychain
T1634.001
DET0715
Detection of Masquerading
T1655
DET0609
Detection of Match Legitimate Name or Location
T1655.001
DET0720
Detection of Obfuscated Files or Information
T1406
DET0598
Detection of Prevent Application Removal
T1629.001
DET0692
Detection of Process Discovery
T1424
DET0632
Detection of Process Injection
T1631
DET0622
Detection of Ptrace System Calls
T1631.001
DET0668
Detection of Screen Capture
T1513
DET0680
Detection of Security Software Discovery
T1418.001
DET0600
Detection of Software Discovery
T1418
DET0644
Detection of Software Packing
T1406.002
DET0656
Detection of Steal Application Access Token
T1635
DET0621
Detection of Stored Application Data
T1409
DET0628
Detection of Supply Chain Compromise
T1474
DET0714
Detection of Suppress Application Icon
T1628.001
DET0625
Detection of System Checks
T1633.001
DET0683
Detection of Transmitted Data Manipulation
T1641.001
DET0690
Detection of Uninstall Malicious Application
T1630.001
DET0607
Detection of Unix Shell
T1623.001
DET0626
Detection of URI Hijacking
T1635.001
DET0616
Detection of Virtualization/Sandbox Evasion
T1633
×
load more results