ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Detection of Ingress Tool Transfer

Technique Detected: Ingress Tool Transfer | T1544

ID: DET0718

Domains: Mobile

Analytics: AN1848, AN1849

Version: 1.0

Created: 21 October 2025

Last Modified: 21 October 2025

Version Permalink

Live Version

AN1848

Application vetting services could look for connections to unknown domains or IP addresses.
Application vetting services may indicate precisely what content was requested during application execution.

Log Sources

Data Component	Name	Channel
Network Communication (DC0113)	Application Vetting	None
Permissions Requests (DC0114)	Application Vetting	None

AN1849

Log Sources

Data Component	Name	Channel
Network Communication (DC0113)	Application Vetting	None
Permissions Requests (DC0114)	Application Vetting	None