Mobile Matrices

Below are two ATT&CK Mobile Matrices, one for adversarial tactics and techniques involving device access, and one for network-based effects that can be used by adversaries without device access.

Device Access

Last Modified: 2019-02-01 17:29:43.503000
| Initial Access | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Effects | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Deliver Malicious App via Authorized App Store | Abuse Device Administrator Access to Prevent Removal | Exploit OS Vulnerability | Application Discovery | Abuse Accessibility Features | Application Discovery | Attack PC via USB Connection | Encrypt Files | Abuse Accessibility Features | Alternate Network Mediums | Alternate Network Mediums |
| Deliver Malicious App via Other Means | App Auto-Start at Device Boot | Exploit TEE Vulnerability | Disguise Root/Jailbreak Indicators | Access Sensitive Data in Device Logs | Device Type Discovery | Exploit Enterprise Resources | Generate Fraudulent Advertising Revenue | Access Calendar Entries | Commonly Used Port | Commonly Used Port |
| Drive-by Compromise | Modify OS Kernel or Boot Partition | | Download New Code at Runtime | Access Sensitive Data or Credentials in Files | File and Directory Discovery | | Lock User Out of Device | Access Call Log | Standard Application Layer Protocol | Standard Application Layer Protocol |
| Exploit via Charging Station or PC | Modify System Partition | | Install Insecure or Malicious Configuration | Android Intent Hijacking | Network Service Scanning | | Manipulate App Store Rankings or Ratings | Access Contact List | | Web Service |
| Exploit via Radio Interfaces | Modify Trusted Execution Environment | | Modify OS Kernel or Boot Partition | Capture Clipboard Data | Process Discovery | | Premium SMS Toll Fraud | Access Sensitive Data in Device Logs | | |
| Install Insecure or Malicious Configuration | Modify cached executable code | | Modify System Partition | Capture SMS Messages | System Information Discovery | | Wipe Device Data | Access Sensitive Data or Credentials in Files | | |
| Lockscreen Bypass | | | Modify Trusted Execution Environment | Exploit TEE Vulnerability | System Network Configuration Discovery | | | Capture Clipboard Data | | |
| Repackaged Application | | | Obfuscated Files or Information | Malicious Third Party Keyboard App | System Network Connections Discovery | | | Capture SMS Messages | | |
| Supply Chain Compromise | | | | Network Traffic Capture or Redirection | | | | Location Tracking | | |
| | | | | URL Scheme Hijacking | | | | Malicious Third Party Keyboard App | | |
| | | | | User Interface Spoofing | | | | Microphone or Camera Recordings | | |
| | | | | | | | | Network Traffic Capture or Redirection | | |

Network-Based Effects

Last Modified: 2019-02-01 17:29:43.503000