ATT&CK v19 has been released! Check out the blog post for more information.

Network Communication

Network Communication captures outbound or inbound communication initiated by an application or mobile device, including the domains contacted, protocols used, and session metadata associated with the communication.

Monitoring network communication enables defenders to identify command-and-control traffic, data exfiltration, or suspicious communication patterns originating from mobile applications.

Examples

Connections to previously unseen domains
Repeated communication with suspicious infrastructure
Communication immediately following application installation

Collection Methods

Mobile VPN telemetry
Secure web gateway logs
Network detection and response (NDR)
Mobile EDR network monitoring

ID: DC0113

Domains: Mobile

Version: 2.1

Created: 13 March 2023

Last Modified: 11 March 2026

Log Sources

Name	Channel
Application Vetting	None

Detection Strategy

ID	Name	Technique Detected
DET0652	Detection of Application Versioning	T1661
DET0669	Detection of Domain Generation Algorithms	T1637.001
DET0613	Detection of Dynamic Resolution	T1637
DET0629	Detection of Exploitation for Client Execution	T1658