cti-ATT-CK-v13.1/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json

{
    "type": "bundle",
    "id": "bundle--abcb1e01-57be-4f32-9606-363d67531173",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_platforms": [
                "Android"
            ],
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3",
            "created": "2017-10-25T14:48:17.176Z",
            "x_mitre_version": "1.0",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "external_id": "T1413",
                    "url": "https://attack.mitre.org/techniques/T1413"
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-3.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "APP-3"
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "APP-13"
                }
            ],
            "x_mitre_deprecated": true,
            "revoked": false,
            "description": "On versions of Android prior to 4.1, an adversary may use a malicious application that holds the READ_LOGS permission to obtain private keys, passwords, other credentials, or other sensitive data stored in the device's system log. On Android 4.1 and later, an adversary would need to attempt to perform an operating system privilege escalation attack to be able to access the log.",
            "modified": "2022-04-06T15:37:34.463Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Access Sensitive Data in Device Logs",
            "x_mitre_detection": "",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "collection"
                },
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "credential-access"
                }
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ],
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}