2025-10-27 14:36:06 -04:00
{
"type" : "bundle" ,
2026-04-27 15:19:48 -04:00
"id" : "bundle--d6e771b7-5425-46de-9898-b93a1743609f" ,
2025-10-27 14:36:06 -04:00
"spec_version" : "2.0" ,
"objects" : [
{
"type" : "x-mitre-analytic" ,
"id" : "x-mitre-analytic--6bd50b74-5852-4800-b459-1c54d95348e3" ,
"created" : "2025-10-21T15:10:28.402Z" ,
"created_by_ref" : "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" ,
2026-04-27 15:19:48 -04:00
"revoked" : false ,
2025-10-27 14:36:06 -04:00
"external_references" : [
{
"source_name" : "mitre-attack" ,
"url" : "https://attack.mitre.org/detectionstrategies/DET0635#AN1708" ,
"external_id" : "AN1708"
}
] ,
"object_marking_refs" : [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
] ,
2026-04-27 15:19:48 -04:00
"modified" : "2026-03-23T23:00:36.132Z" ,
2025-10-27 14:36:06 -04:00
"name" : "Analytic 1708" ,
2026-04-27 15:19:48 -04:00
"description" : "OLD: Monitor for API calls that are related to the AccountManager API on Android and Keychain services on iOS.\nApplication vetting services may look for `MANAGE_ACCOUNTS` in an Android application\u2019s manifest. Most applications do not need access to accounts, so extra scrutiny may be applied to those that request it.\n\nNEW: A defender observes an Android application invoking the AccountManager API. " ,
2025-10-27 14:36:06 -04:00
"x_mitre_modified_by_ref" : "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" ,
2026-04-27 15:19:48 -04:00
"x_mitre_deprecated" : false ,
"x_mitre_version" : "2.0" ,
2025-10-27 14:36:06 -04:00
"x_mitre_attack_spec_version" : "3.3.0" ,
"x_mitre_domains" : [
"mobile-attack"
] ,
"x_mitre_platforms" : [
"Android"
] ,
"x_mitre_log_source_references" : [
{
"x_mitre_data_component_ref" : "x-mitre-data-component--9bde2f9d-a695-4344-bfac-f2dce13d121e" ,
2026-04-27 15:19:48 -04:00
"name" : "android:logcat" ,
"channel" : "Invocation of AccountManager.getAccounts()"
2025-10-27 14:36:06 -04:00
}
2026-04-27 15:19:48 -04:00
]
2025-10-27 14:36:06 -04:00
}
]
}
