Check out the results from our first round of ATT&CK Evaluations at!

Mobile Matrices

Below are two ATT&CK Mobile Matrices, one for adversarial tactics and techniques involving device access, and one for network-based effects that can be used by adversaries without device access.

Device Access

Last Modified: 2018-10-17T00:14:20.652Z
Initial AccessPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementEffectsCollectionExfiltrationCommand and Control
Deliver Malicious App via Authorized App StoreAbuse Device Administrator Access to Prevent RemovalExploit OS VulnerabilityApplication DiscoveryAbuse Accessibility FeaturesApplication DiscoveryAttack PC via USB ConnectionEncrypt Files for RansomAbuse Accessibility FeaturesAlternate Network MediumsAlternate Network Mediums
Deliver Malicious App via Other MeansApp Auto-Start at Device BootExploit TEE VulnerabilityDisguise Root/Jailbreak IndicatorsAccess Sensitive Data in Device LogsDevice Type DiscoveryExploit Enterprise ResourcesGenerate Fraudulent Advertising RevenueAccess Calendar EntriesCommonly Used PortCommonly Used Port
Drive-by CompromiseModify OS Kernel or Boot PartitionDownload New Code at RuntimeAccess Sensitive Data or Credentials in FilesFile and Directory DiscoveryLock User Out of DeviceAccess Call LogStandard Application Layer ProtocolStandard Application Layer Protocol
Exploit via Charging Station or PCModify System PartitionInstall Insecure or Malicious ConfigurationAndroid Intent HijackingLocal Network Configuration DiscoveryManipulate App Store Rankings or RatingsAccess Contact List
Exploit via Radio InterfacesModify Trusted Execution EnvironmentModify OS Kernel or Boot PartitionCapture Clipboard DataLocal Network Connections DiscoveryPremium SMS Toll FraudAccess Sensitive Data in Device Logs
Install Insecure or Malicious ConfigurationModify cached executable codeModify System PartitionCapture SMS MessagesNetwork Service ScanningWipe Device DataAccess Sensitive Data or Credentials in Files
Lockscreen BypassModify Trusted Execution EnvironmentExploit TEE VulnerabilityProcess DiscoveryCapture Clipboard Data
Repackaged ApplicationObfuscated or Encrypted PayloadMalicious Third Party Keyboard AppSystem Information DiscoveryCapture SMS Messages
Supply Chain CompromiseNetwork Traffic Capture or RedirectionLocation Tracking
URL Scheme HijackingMalicious Third Party Keyboard App
User Interface SpoofingMicrophone or Camera Recordings
Network Traffic Capture or Redirection

Network-Based Effects

Last Modified: 2018-10-17T00:14:20.652Z