Visual activity on the device that could alert the user to potentially malicious behavior.
System prompts triggered when an application requests new or additional permissions
System prompts triggered when an application requests new or additional permissions
| Domain | ID | Name | |
|---|---|---|---|
| Mobile | T1626 | Abuse Elevation Control Mechanism | |
| .001 | Device Administrator Permissions | ||
| Mobile | T1638 | Adversary-in-the-Middle | |
| Mobile | T1420 | File and Directory Discovery | |
Notifications generated by the OS
Notifications generated by the OS
| Domain | ID | Name | |
|---|---|---|---|
| Mobile | T1627 | .001 | Execution Guardrails: Geofencing |
| Mobile | T1541 | Foreground Persistence | |
| Mobile | T1430 | .001 | Location Tracking: Remote Device Management Services |
| Mobile | T1464 | Network Denial of Service | |
| Mobile | T1644 | Out of Band Data | |
| Mobile | T1635 | Steal Application Access Token | |
| .001 | URI Hijacking | ||
Settings visible to the user on the device
Settings visible to the user on the device
| Domain | ID | Name | |
|---|---|---|---|
| Mobile | T1626 | .001 | Abuse Elevation Control Mechanism: Device Administrator Permissions |
| Mobile | T1517 | Access Notifications | |
| Mobile | T1429 | Audio Capture | |
| Mobile | T1616 | Call Control | |
| Mobile | T1642 | Endpoint Denial of Service | |
| Mobile | T1627 | Execution Guardrails | |
| .001 | Geofencing | ||
| Mobile | T1643 | Generate Traffic from Victim | |
| Mobile | T1628 | Hide Artifacts | |
| .001 | Suppress Application Icon | ||
| Mobile | T1629 | .001 | Impair Defenses: Prevent Application Removal |
| .002 | Impair Defenses: Device Lockout | ||
| .003 | Impair Defenses: Disable or Modify Tools | ||
| Mobile | T1630 | Indicator Removal on Host | |
| .001 | Uninstall Malicious Application | ||
| .002 | File Deletion | ||
| Mobile | T1417 | Input Capture | |
| .001 | Keylogging | ||
| .002 | GUI Input Capture | ||
| Mobile | T1430 | Location Tracking | |
| Mobile | T1636 | Protected User Data | |
| .001 | Calendar Entries | ||
| .002 | Call Log | ||
| .003 | Contact List | ||
| .004 | SMS Messages | ||
| Mobile | T1513 | Screen Capture | |
| Mobile | T1582 | SMS Control | |
| Mobile | T1632 | Subvert Trust Controls | |
| .001 | Code Signing Policy Modification | ||
| Mobile | T1512 | Video Capture | |