
Android Matrices

Below are the tactics and techniques representing the two MITRE ATT&CK® Matrices for Mobile. The first Matrix covers techniques that require access to the device; the second covers network-based effects that adversaries can achieve without device access. Both Matrices shown here contain the techniques applicable to the Android platform.

Device Access

Last Modified: 2019-10-24 08:29:36.078906
Initial Access
  Deliver Malicious App via Authorized App Store
  Deliver Malicious App via Other Means
  Drive-by Compromise
  Exploit via Charging Station or PC
  Exploit via Radio Interfaces
  Install Insecure or Malicious Configuration
  Lockscreen Bypass
  Masquerade as Legitimate Application
  Supply Chain Compromise

Persistence
  Abuse Device Administrator Access to Prevent Removal
  App Auto-Start at Device Boot
  Modify Cached Executable Code
  Modify OS Kernel or Boot Partition
  Modify System Partition
  Modify Trusted Execution Environment

Privilege Escalation
  Exploit OS Vulnerability
  Exploit TEE Vulnerability

Defense Evasion
  Application Discovery
  Device Lockout
  Disguise Root/Jailbreak Indicators
  Download New Code at Runtime
  Evade Analysis Environment
  Input Injection
  Install Insecure or Malicious Configuration
  Modify OS Kernel or Boot Partition
  Modify System Partition
  Modify Trusted Execution Environment
  Obfuscated Files or Information
  Suppress Application Icon

Credential Access
  Access Notifications
  Access Sensitive Data in Device Logs
  Access Stored Application Data
  Android Intent Hijacking
  Capture Clipboard Data
  Capture SMS Messages
  Exploit TEE Vulnerability
  Input Capture
  Input Prompt
  Network Traffic Capture or Redirection

Discovery
  Application Discovery
  Evade Analysis Environment
  File and Directory Discovery
  Location Tracking
  Network Service Scanning
  Process Discovery
  System Information Discovery
  System Network Configuration Discovery
  System Network Connections Discovery

Lateral Movement
  Attack PC via USB Connection
  Exploit Enterprise Resources

Impact
  Clipboard Modification
  Data Encrypted for Impact
  Delete Device Data
  Device Lockout
  Generate Fraudulent Advertising Revenue
  Input Injection
  Manipulate App Store Rankings or Ratings
  Modify System Partition
  Premium SMS Toll Fraud

Collection
  Access Calendar Entries
  Access Call Log
  Access Contact List
  Access Notifications
  Access Sensitive Data in Device Logs
  Access Stored Application Data
  Capture Audio
  Capture Camera
  Capture Clipboard Data
  Capture SMS Messages
  Data from Local System
  Input Capture
  Location Tracking
  Network Information Discovery
  Network Traffic Capture or Redirection
  Screen Capture

Exfiltration
  Alternate Network Mediums
  Commonly Used Port
  Data Encrypted
  Standard Application Layer Protocol

Command and Control
  Alternate Network Mediums
  Commonly Used Port
  Domain Generation Algorithms
  Standard Application Layer Protocol
  Standard Cryptographic Protocol
  Uncommonly Used Port
  Web Service

Network-Based Effects

Last Modified: 2019-10-24 08:29:36.078906