File size: 2,209 Bytes
5fe70fd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
{
"type": "bundle",
"id": "bundle--a3fe9a28-0422-4602-b6eb-7b939d99848a",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-20T18:40:12.912Z",
"name": "Disable or Modify Tools",
"description": "Adversaries may disable security tools to avoid potential detection of their tools and activities. This can take the form of disabling security software, modifying SELinux configuration, or other methods to interfere with security tools scanning or reporting information. This is typically done by abusing device administrator permissions or using system exploits to gain root access to the device to modify protected system files.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-mobile-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_deprecated": false,
"x_mitre_detection": "Users can view a list of active device administrators in the device settings.",
"x_mitre_domains": [
"mobile-attack"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Android"
],
"x_mitre_version": "1.1",
"x_mitre_tactic_type": [
"Post-Adversary Device Access"
],
"type": "attack-pattern",
"id": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
"created": "2022-04-01T18:51:13.963Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1629/003",
"external_id": "T1629.003"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_attack_spec_version": "3.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
} |