ATT&CK v19 has been released! Check out the blog post for more information.

Application Assets

Application Assets represent static or packaged resources bundled with an application that may contain executable logic, configuration data, or hidden payloads.

These assets may include embedded binaries, scripts, configuration files, libraries, or other resources stored within the application package. Adversaries may hide malicious components within application assets to evade detection during installation or initial inspection.

Examples

Android:

Embedded .dex files loaded dynamically
Hidden native libraries in APK assets
Dropped payloads stored within the app sandbox

iOS:

Embedded frameworks
Configuration files within the application bundle
Hidden scripts or secondary binaries packaged with the app

Collection Methods
- Mobile EDR application inspection
- Static application analysis
- Application package scanning during install or sideload events

ID: DC0119

Domains: Mobile

Version: 2.1

Created: 29 March 2024

Last Modified: 11 March 2026

Log Sources

Name	Channel
Application Vetting	None
iOS:unifiedlog	Application gaining or using unexpected background execution entitlements or modes

Detection Strategy

ID	Name	Technique Detected
DET0654	Detection of Boot or Logon Initialization Scripts	T1398