ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Detection of Keychain

Technique Detected: Keychain | T1634.001

ID: DET0664

Domains: Mobile

Analytics: AN1757

Version: 1.0

Created: 21 October 2025

Last Modified: 21 October 2025

Version Permalink

Live Version

Analytics

AN1757

Mobile security products can potentially detect jailbroken devices.
Application vetting services may be able to detect known privilege escalation exploits contained within applications, as well as searching application packages for strings that correlate to known password store locations.

Log Sources

Data Component	Name	Channel
Host Status (DC0018)	Sensor Health	None
API Calls (DC0112)	Application Vetting	None