test_scratch
/
cti-ATT-CK-v13.1
/mobile-attack
/attack-pattern
/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
| { | |
| "type": "bundle", | |
| "id": "bundle--d0544880-3945-421e-8d41-0ba7e91c8e2f", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "x_mitre_platforms": [ | |
| "Android", | |
| "iOS" | |
| ], | |
| "x_mitre_domains": [ | |
| "mobile-attack" | |
| ], | |
| "object_marking_refs": [ | |
| "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
| ], | |
| "type": "attack-pattern", | |
| "id": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa", | |
| "created": "2019-10-30T15:37:55.029Z", | |
| "x_mitre_version": "1.0", | |
| "external_references": [ | |
| { | |
| "source_name": "mitre-attack", | |
| "external_id": "T1540", | |
| "url": "https://attack.mitre.org/techniques/T1540" | |
| }, | |
| { | |
| "source_name": "Fadeev Code Injection Aug 2018", | |
| "url": "https://fadeevab.com/shared-library-injection-on-android-8/", | |
| "description": "Alexandr Fadeev. (2018, August 26). Shared Library Injection on Android 8.0. Retrieved October 30, 2019." | |
| }, | |
| { | |
| "source_name": "Google Triada June 2019", | |
| "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", | |
| "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." | |
| }, | |
| { | |
| "source_name": "Shunix Code Injection Mar 2016", | |
| "url": "https://shunix.com/shared-library-injection-in-android/", | |
| "description": "Shunix . (2016, March 22). Shared Library Injection in Android. Retrieved October 30, 2019." | |
| } | |
| ], | |
| "x_mitre_deprecated": false, | |
| "revoked": true, | |
| "description": "Adversaries may use code injection attacks to implant arbitrary code into the address space of a running application. Code is then executed or interpreted by that application. Adversaries utilizing this technique may exploit capabilities to load code in at runtime through dynamic libraries.\n\nWith root access, `ptrace` can be used to target specific applications and load shared libraries into its process memory.(Citation: Shunix Code Injection Mar 2016)(Citation: Fadeev Code Injection Aug 2018) By injecting code, an adversary may be able to gain access to higher permissions held by the targeted application by executing as the targeted application. In addition, the adversary may be able to evade detection or enable persistent access to a system under the guise of the application\u2019s process.(Citation: Google Triada June 2019)\n", | |
| "modified": "2022-03-30T19:14:20.369Z", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "name": "Code Injection", | |
| "x_mitre_detection": "Code injection can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", | |
| "kill_chain_phases": [ | |
| { | |
| "kill_chain_name": "mitre-mobile-attack", | |
| "phase_name": "persistence" | |
| }, | |
| { | |
| "kill_chain_name": "mitre-mobile-attack", | |
| "phase_name": "privilege-escalation" | |
| }, | |
| { | |
| "kill_chain_name": "mitre-mobile-attack", | |
| "phase_name": "defense-evasion" | |
| } | |
| ], | |
| "x_mitre_is_subtechnique": false, | |
| "x_mitre_tactic_type": [ | |
| "Post-Adversary Device Access" | |
| ], | |
| "x_mitre_attack_spec_version": "2.1.0", | |
| "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
| } | |
| ] | |
| } |