ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Detection of Exploitation for Privilege Escalation

Technique Detected: Exploitation for Privilege Escalation | T1404

ID: DET0665

Domains: Mobile

Analytics: AN1758, AN1759

Version: 1.0

Created: 21 October 2025

Last Modified: 21 October 2025

Version Permalink

Live Version

AN1758

Mobile security products can potentially utilize device APIs to determine if a device has been rooted or jailbroken.
Application vetting services could potentially determine if an application contains code designed to exploit vulnerabilities.

Log Sources

Data Component	Name	Channel
Host Status (DC0018)	Sensor Health	None
API Calls (DC0112)	Application Vetting	None

AN1759

Log Sources

Data Component	Name	Channel
Host Status (DC0018)	Sensor Health	None
API Calls (DC0112)	Application Vetting	None