ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Detection of System Runtime API Hijacking

ID: DET0689

Domains: Mobile

Analytics: AN1800

Version: 1.0

Created: 21 October 2025

Last Modified: 21 October 2025

Live Version

Analytics

Mobile threat defense agents could detect unauthorized operating system modifications by using attestation.

Data Component	Name	Channel
Host Status (DC0018)	Sensor Health	None