test_scratch
/
cti-ATT-CK-v13.1
/mobile-attack
/attack-pattern
/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
{ | |
"type": "bundle", | |
"id": "bundle--41678525-7554-432b-9448-d83257461c68", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"x_mitre_platforms": [ | |
"Android" | |
], | |
"x_mitre_domains": [ | |
"mobile-attack" | |
], | |
"x_mitre_contributors": [ | |
"Luk\u00e1\u0161 \u0160tefanko, ESET" | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"id": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a", | |
"type": "attack-pattern", | |
"created": "2017-10-25T14:48:08.613Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"external_references": [ | |
{ | |
"source_name": "mitre-mobile-attack", | |
"external_id": "T1453", | |
"url": "https://attack.mitre.org/techniques/T1453" | |
}, | |
{ | |
"url": "https://www.skycure.com/blog/accessibility-clickjacking/", | |
"description": "Yair Amit. (2016, March 3). \u201cAccessibility Clickjacking\u201d \u2013 The Next Evolution in Android Malware that Impacts More Than 500 Million Devices. Retrieved December 21, 2016.", | |
"source_name": "Skycure-Accessibility" | |
}, | |
{ | |
"description": "Luk\u00e1\u0161 \u0160tefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July 11, 2019.", | |
"url": "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/", | |
"source_name": "android-trojan-steals-paypal-2fa" | |
}, | |
{ | |
"source_name": "banking-trojans-google-play", | |
"url": "https://www.welivesecurity.com/2018/10/24/banking-trojans-continue-surface-google-play/", | |
"description": "Luk\u00e1\u0161 \u0160tefanko. (2018, October 24). Banking Trojans continue to surface on Google Play. Retrieved July 11, 2019." | |
} | |
], | |
"modified": "2020-03-30T14:03:43.761Z", | |
"name": "Abuse Accessibility Features", | |
"description": "**This technique has been deprecated. Please use [Input Capture](https://attack.mitre.org/techniques/T1417), [Input Injection](https://attack.mitre.org/techniques/T1516), and [Input Prompt](https://attack.mitre.org/techniques/T1411) where appropriate.**\n\nA malicious app could abuse Android's accessibility features to capture sensitive data or perform other malicious actions.(Citation: Skycure-Accessibility)\n\nAdversaries may abuse accessibility features on Android to emulate a user's clicks, for example to steal money from a user's bank account.(Citation: android-trojan-steals-paypal-2fa)(Citation: banking-trojans-google-play)\n\nAdversaries may abuse accessibility features on Android devices to evade defenses by repeatedly clicking the \"Back\" button when a targeted app manager or mobile security app is launched, or when strings suggesting uninstallation are detected in the foreground. This effectively prevents the malicious application from being uninstalled.(Citation: android-trojan-steals-paypal-2fa)", | |
"kill_chain_phases": [ | |
{ | |
"kill_chain_name": "mitre-mobile-attack", | |
"phase_name": "collection" | |
}, | |
{ | |
"kill_chain_name": "mitre-mobile-attack", | |
"phase_name": "credential-access" | |
}, | |
{ | |
"kill_chain_name": "mitre-mobile-attack", | |
"phase_name": "impact" | |
}, | |
{ | |
"kill_chain_name": "mitre-mobile-attack", | |
"phase_name": "defense-evasion" | |
} | |
], | |
"x_mitre_deprecated": true, | |
"x_mitre_version": "2.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"x_mitre_tactic_type": [ | |
"Post-Adversary Device Access" | |
], | |
"x_mitre_is_subtechnique": false | |
} | |
] | |
} |