Mobile Matrices

Below are two ATT&CK Mobile Matrices, one for adversarial tactics and techniques involving device access, and one for network-based effects that can be used by adversaries without device access.

Device Access

Last Modified: 2019-07-11 18:09:42.039000
| Initial Access | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Impact | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Deliver Malicious App via Authorized App Store | Abuse Device Administrator Access to Prevent Removal | Exploit OS Vulnerability | Application Discovery | Abuse Accessibility Features | Application Discovery | Attack PC via USB Connection | Encrypt Files | Abuse Accessibility Features | Alternate Network Mediums | Alternate Network Mediums |
| Deliver Malicious App via Other Means | App Auto-Start at Device Boot | Exploit TEE Vulnerability | Disguise Root/Jailbreak Indicators | Access Sensitive Data in Device Logs | Device Type Discovery | Exploit Enterprise Resources | Generate Fraudulent Advertising Revenue | Access Calendar Entries | Commonly Used Port | Commonly Used Port |
| Drive-by Compromise | Modify cached executable code | | Download New Code at Runtime | Access Sensitive Data or Credentials in Files | File and Directory Discovery | | Lock User Out of Device | Access Call Log | Standard Application Layer Protocol | Standard Application Layer Protocol |
| Exploit via Charging Station or PC | Modify OS Kernel or Boot Partition | | Install Insecure or Malicious Configuration | Android Intent Hijacking | Network Service Scanning | | Manipulate App Store Rankings or Ratings | Access Contact List | | Web Service |
| Exploit via Radio Interfaces | Modify System Partition | | Modify OS Kernel or Boot Partition | Capture Clipboard Data | Process Discovery | | Premium SMS Toll Fraud | Access Sensitive Data in Device Logs | | |
| Install Insecure or Malicious Configuration | Modify Trusted Execution Environment | | Modify System Partition | Capture SMS Messages | System Information Discovery | | Wipe Device Data | Access Sensitive Data or Credentials in Files | | |
| Lockscreen Bypass | | | Modify Trusted Execution Environment | Exploit TEE Vulnerability | System Network Configuration Discovery | | | Capture Clipboard Data | | |
| Repackaged Application | | | Obfuscated Files or Information | Malicious Third Party Keyboard App | System Network Connections Discovery | | | Capture SMS Messages | | |
| Supply Chain Compromise | | | | Network Traffic Capture or Redirection | | | | Location Tracking | | |
| | | | | URL Scheme Hijacking | | | | Malicious Third Party Keyboard App | | |
| | | | | User Interface Spoofing | | | | Microphone or Camera Recordings | | |
| | | | | | | | | Network Traffic Capture or Redirection | | |

Network-Based Effects

Last Modified: 2019-07-11 18:09:42.039000