ATT&CK v12.0 Mobile

2022-10-25 10:10:21 -04:00
parent e9c117e039
commit ef89c24106
1364 changed files with 25584 additions and 25088 deletions
@@ -1,44 +1,10 @@
 {
    "type": "bundle",
-    "id": "bundle--a807a930-6a25-4789-ab86-7a1a304fba38",
+    "id": "bundle--73002265-876c-44dc-9a19-dcafc22b7779",
    "spec_version": "2.0",
    "objects": [
        {
-            "x_mitre_platforms": [
-                "Android",
-                "iOS"
-            ],
-            "x_mitre_domains": [
-                "mobile-attack"
-            ],
-            "x_mitre_contributors": [
-                "Lorin Wu, Trend Micro"
-            ],
-            "object_marking_refs": [
-                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-            ],
-            "id": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
-            "type": "attack-pattern",
-            "created": "2020-11-04T16:43:31.619Z",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "external_references": [
-                {
-                    "source_name": "mitre-mobile-attack",
-                    "external_id": "T1603",
-                    "url": "https://attack.mitre.org/techniques/T1603"
-                },
-                {
-                    "source_name": "Android WorkManager",
-                    "url": "https://developer.android.com/topic/libraries/architecture/workmanager",
-                    "description": "Google. (n.d.). Schedule tasks with WorkManager. Retrieved November 4, 2020."
-                },
-                {
-                    "source_name": "Apple NSBackgroundActivityScheduler",
-                    "url": "https://developer.apple.com/documentation/foundation/nsbackgroundactivityscheduler",
-                    "description": "Apple. (n.d.). NSBackgroundActivityScheduler. Retrieved November 4, 2020."
-                }
-            ],
-            "modified": "2020-11-04T19:45:38.144Z",
+            "modified": "2022-10-24T15:09:07.609Z",
            "name": "Scheduled Task/Job",
            "description": "Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. On Android and iOS, APIs and libraries exist to facilitate scheduling tasks to execute at a specified date, time, or interval.\n\nOn Android, the `WorkManager` API allows asynchronous tasks to be scheduled with the system. `WorkManager` was introduced to unify task scheduling on Android, using `JobScheduler`, `GcmNetworkManager`, and `AlarmManager` internally. `WorkManager` offers a lot of flexibility for scheduling, including periodically, one time, or constraint-based (e.g. only when the device is charging).(Citation: Android WorkManager)\n\nOn iOS, the `NSBackgroundActivityScheduler` API allows asynchronous tasks to be scheduled with the system. The tasks can be scheduled to be repeating or non-repeating, however, the system chooses when the tasks will be executed. The app can choose the interval for repeating tasks, or the delay between scheduling and execution for one-time tasks.(Citation: Apple NSBackgroundActivityScheduler)",
            "kill_chain_phases": [
@@ -51,12 +17,48 @@
                    "phase_name": "persistence"
                }
            ],
-            "x_mitre_detection": "Scheduling tasks/jobs can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
-            "x_mitre_version": "1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "x_mitre_detection": "Scheduling tasks/jobs can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
+            "x_mitre_platforms": [
+                "Android",
+                "iOS"
+            ],
+            "x_mitre_domains": [
+                "mobile-attack"
+            ],
+            "x_mitre_version": "1.0",
+            "x_mitre_contributors": [
+                "Lorin Wu, Trend Micro"
+            ],
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
-            ]
+            ],
+            "type": "attack-pattern",
+            "id": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+            "created": "2020-11-04T16:43:31.619Z",
+            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "external_references": [
+                {
+                    "source_name": "mitre-attack",
+                    "url": "https://attack.mitre.org/techniques/T1603",
+                    "external_id": "T1603"
+                },
+                {
+                    "source_name": "Android WorkManager",
+                    "description": "Google. (n.d.). Schedule tasks with WorkManager. Retrieved November 4, 2020.",
+                    "url": "https://developer.android.com/topic/libraries/architecture/workmanager"
+                },
+                {
+                    "source_name": "Apple NSBackgroundActivityScheduler",
+                    "description": "Apple. (n.d.). NSBackgroundActivityScheduler. Retrieved November 4, 2020.",
+                    "url": "https://developer.apple.com/documentation/foundation/nsbackgroundactivityscheduler"
+                }
+            ],
+            "object_marking_refs": [
+                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+            ],
+            "x_mitre_attack_spec_version": "2.1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--7bbcc04c-9333-418b-9da5-16d49d46b858",
+    "id": "bundle--9d291b44-6fd4-4d81-8b4f-2a5ea12e3ca4",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--4d7eb8b5-89c4-4b02-bad4-c70c61eece42",
+    "id": "bundle--28660bb2-c3c2-4743-ab91-7b20e4ac3051",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--de77225d-7087-4627-9eb8-256b4ec4ea4e",
+    "id": "bundle--402bcd38-eaee-43b3-b8f7-4b531583b21b",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--a3181639-e85a-4f9d-9974-84e82dc6ab36",
+    "id": "bundle--557f6abf-786b-4e7a-8a16-9f419ed14476",
    "spec_version": "2.0",
    "objects": [
        {
@@ -33,7 +33,8 @@
            "x_mitre_version": "1.0",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
-            ]
+            ],
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--067de560-2186-4e79-bef6-49a3a5910f85",
+    "id": "bundle--a5a9f230-25a3-46de-8b4c-45fab35c56e8",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--99d3fadc-98e1-4d08-9c0f-6b6fb7618b6f",
+    "id": "bundle--c3a681c2-27d7-4b80-90d2-d648806bf6e4",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--a088edbd-fb97-4f66-b115-e312cdf22e0e",
+    "id": "bundle--ec7240c4-9ec1-40fc-998a-c8120f4f6259",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--8179cb62-340e-4581-8f71-0a65f5fb3d13",
+    "id": "bundle--7900cfa8-ccc6-45ab-bf92-855b1b026ce6",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,38 +1,53 @@
 {
    "type": "bundle",
-    "id": "bundle--d0d95ee5-3c81-4384-83a2-c88f7e98f0b0",
+    "id": "bundle--00ce2d31-fdee-4d36-8ff9-45179c602ed4",
    "spec_version": "2.0",
    "objects": [
        {
+            "modified": "2022-10-21T13:44:56.301Z",
+            "name": "Impersonate SS7 Nodes",
+            "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim\u2019s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device\u2019s geographical cell area or nearest cell tower.(Citation: Engel-SS7)",
+            "kill_chain_phases": [
+                {
+                    "kill_chain_name": "mitre-mobile-attack",
+                    "phase_name": "collection"
+                },
+                {
+                    "kill_chain_name": "mitre-mobile-attack",
+                    "phase_name": "discovery"
+                }
+            ],
+            "x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC-WG1-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.",
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
+            "x_mitre_is_subtechnique": true,
+            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "mobile-attack"
            ],
-            "object_marking_refs": [
-                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-            ],
+            "x_mitre_version": "1.0",
            "type": "attack-pattern",
            "id": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
            "created": "2022-04-05T19:49:58.938Z",
-            "x_mitre_version": "1.0",
+            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
-                    "external_id": "T1430.002",
-                    "url": "https://attack.mitre.org/techniques/T1430/002"
+                    "url": "https://attack.mitre.org/techniques/T1430/002",
+                    "external_id": "T1430.002"
                },
                {
                    "source_name": "3GPP-Security",
-                    "url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf",
-                    "description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016."
+                    "description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016.",
+                    "url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf"
                },
                {
                    "source_name": "CSRIC5-WG10-FinalReport",
-                    "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf",
-                    "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017."
+                    "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.",
+                    "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
                },
                {
                    "source_name": "CSRIC-WG1-FinalReport",
@@ -40,43 +55,28 @@
                },
                {
                    "source_name": "Positive-SS7",
-                    "url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf",
-                    "description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016."
+                    "description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016.",
+                    "url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf"
                },
                {
                    "source_name": "Engel-SS7-2008",
-                    "url": "https://www.youtube.com/watch?v=q0n5ySqbfdI",
-                    "description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016."
+                    "description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016.",
+                    "url": "https://www.youtube.com/watch?v=q0n5ySqbfdI"
                },
                {
                    "source_name": "Engel-SS7",
-                    "url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf",
-                    "description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016."
+                    "description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016.",
+                    "url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf"
                },
                {
-                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html",
                    "source_name": "NIST Mobile Threat Catalogue",
+                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html",
                    "external_id": "CEL-38"
                }
            ],
-            "x_mitre_deprecated": false,
-            "revoked": false,
-            "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim\u2019s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device\u2019s geographical cell area or nearest cell tower.(Citation: Engel-SS7)",
-            "modified": "2022-04-11T19:10:05.885Z",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "name": "Impersonate SS7 Nodes",
-            "x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC-WG1-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.",
-            "kill_chain_phases": [
-                {
-                    "phase_name": "collection",
-                    "kill_chain_name": "mitre-mobile-attack"
-                },
-                {
-                    "phase_name": "discovery",
-                    "kill_chain_name": "mitre-mobile-attack"
-                }
+            "object_marking_refs": [
+                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
-            "x_mitre_is_subtechnique": true,
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--b3a3feee-1681-47ba-acb6-b9cd37970e0a",
+    "id": "bundle--d082bd02-8096-43b8-af0a-603f18eb8ed9",
    "spec_version": "2.0",
    "objects": [
        {
@@ -20,7 +20,8 @@
            ],
            "modified": "2018-10-17T01:05:10.699Z",
            "name": "Insecure Third-Party Libraries",
-            "x_mitre_version": "1.0"
+            "x_mitre_version": "1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--56b238bf-867e-47b3-964f-3e3fce3be628",
+    "id": "bundle--ca10b00b-ae6e-453d-a360-0f8308ffc467",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--f77e6e2e-1070-43eb-a256-56db70eb15ce",
+    "id": "bundle--8b62ebe8-aaab-4946-bc6f-7a50d7ac8aea",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--54ec31a6-cc0c-43c6-b4be-83a5b7434243",
+    "id": "bundle--e72ab6f4-aabf-4de3-b8a5-28e3ce1d1e22",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--763720f5-0c6b-4012-96d6-5f806df1e71e",
+    "id": "bundle--eeec7cae-1baa-451b-97ab-1662ca85dd99",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--958bdb55-963c-475b-b6b3-09e650d32f48",
+    "id": "bundle--972f1804-e356-45a1-a269-a3833684f234",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--cd3daa73-08d8-47e1-8347-81f75745139c",
+    "id": "bundle--af48ac4d-bb1f-4030-b6ed-349cacbce986",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--cbdee11e-0ddd-4fe9-9500-e3af735fd8c1",
+    "id": "bundle--0f5d9464-a65e-4d21-b82c-c98d5420cb44",
    "spec_version": "2.0",
    "objects": [
        {
@@ -20,7 +20,8 @@
            ],
            "modified": "2018-10-17T01:05:10.699Z",
            "name": "App Delivered via Email Attachment",
-            "x_mitre_version": "1.0"
+            "x_mitre_version": "1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--02dba93a-4bc3-47b3-8861-172ebc7fee88",
+    "id": "bundle--911e2363-a301-4898-aeb6-078b9cd14c65",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--01a605f3-3f75-4beb-87b5-1373de6c8cf6",
+    "id": "bundle--49758e81-17eb-43a5-8c7b-1d2ce6e684d4",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--2d2b3f7a-3db9-4080-baf8-6d1626dd5293",
+    "id": "bundle--4311240c-1804-4f2b-a0e2-5a0e4a90d4c7",
    "spec_version": "2.0",
    "objects": [
        {
@@ -68,7 +68,8 @@
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
-            ]
+            ],
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--5e78ff1f-9b49-47d4-806f-331a01e220f3",
+    "id": "bundle--9670e5fb-90fd-4851-9883-8d41f9632cc9",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--9b1c42e7-88fd-4c9e-a09e-6e53c568b2d4",
+    "id": "bundle--53310f6b-be11-4448-bbdc-21567c957520",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--31766d5a-36dd-45f1-94ad-de973dbae53d",
+    "id": "bundle--774e8d80-6890-452a-a0ee-6dfb46c8ec45",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--8dbf9fd1-0dbb-41dc-9f59-9f0c9808fd89",
+    "id": "bundle--833f2659-bace-4daf-9360-67abbf78d37c",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--81c88c82-a54e-4c99-bd17-718748c967ab",
+    "id": "bundle--4d2d9f40-de11-41d0-92d6-bc5616157ee2",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--244460a9-d94d-4e3e-aa7f-2e9ac393c531",
+    "id": "bundle--9bd71dc6-7a91-44e1-87dc-4395ef40f95c",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--8698654d-082d-4830-853b-b1bf1490d09d",
+    "id": "bundle--34c72620-1f70-4050-8d15-f3e6308ea69f",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--ce60266b-5753-4e5a-8fac-919e8acb03b8",
+    "id": "bundle--276c005b-78a9-4ba4-be21-f893d4dbfae9",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--8c41fa93-3294-47e6-8c08-6fc298a18b54",
+    "id": "bundle--59a6c337-b4a2-4dd8-8615-3b74df1913ae",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--88f67b00-8b23-47d9-ba13-889d1656314c",
+    "id": "bundle--cfda4c0c-e547-4571-9e14-cd1ac36f6be2",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--6b517cd1-6637-4afa-95d2-503d2340852c",
+    "id": "bundle--b61034a0-36e1-4d92-beeb-f99268e14c3e",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--74d099ec-a324-4cb2-9c3a-2654b860b787",
+    "id": "bundle--6713a306-170c-40c5-9ec3-a779d50dcc60",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--c4243da4-fe30-47f0-9cac-df5836968d41",
+    "id": "bundle--374d01e3-1b0f-40f1-bded-2a42982a8456",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--2029071c-05b7-4214-9cde-90f2fb30f665",
+    "id": "bundle--bf8fab9a-02cb-44d7-8106-952a7c40d128",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--8a0580b8-f79f-4372-8fe4-37556fa4cfcf",
+    "id": "bundle--6ef32b98-eb61-43f0-ae8d-c0f226b56f37",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--7e81d9ef-01a2-4ea9-9e15-aaf48d96befd",
+    "id": "bundle--7a4ffa35-0211-40cf-bf1b-f3e8fdc348b4",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,58 +1,10 @@
 {
    "type": "bundle",
-    "id": "bundle--65f52d89-72b3-469f-a59c-e861e76a9f79",
+    "id": "bundle--9d8fb156-8785-4954-8a91-5363dad56f5f",
    "spec_version": "2.0",
    "objects": [
        {
-            "x_mitre_platforms": [
-                "Android"
-            ],
-            "x_mitre_domains": [
-                "mobile-attack"
-            ],
-            "x_mitre_contributors": [
-                "Gaetan van Diemen, ThreatFabric"
-            ],
-            "object_marking_refs": [
-                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-            ],
-            "id": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-            "type": "attack-pattern",
-            "created": "2021-09-20T13:42:20.824Z",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "external_references": [
-                {
-                    "source_name": "mitre-mobile-attack",
-                    "external_id": "T1616",
-                    "url": "https://attack.mitre.org/techniques/T1616"
-                },
-                {
-                    "external_id": "APP-41",
-                    "source_name": "NIST Mobile Threat Catalogue",
-                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-41.html"
-                },
-                {
-                    "external_id": "CEL-42",
-                    "source_name": "NIST Mobile Threat Catalogue",
-                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html"
-                },
-                {
-                    "external_id": "CEL-36",
-                    "source_name": "NIST Mobile Threat Catalogue",
-                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html"
-                },
-                {
-                    "external_id": "CEL-18",
-                    "source_name": "NIST Mobile Threat Catalogue",
-                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-18.html"
-                },
-                {
-                    "source_name": "Android Permissions",
-                    "url": "https://developer.android.com/reference/android/Manifest.permission",
-                    "description": "Google. (2021, August 11). Manifest.permission. Retrieved September 22, 2021."
-                }
-            ],
-            "modified": "2021-09-27T18:05:42.788Z",
+            "modified": "2022-10-24T15:09:07.609Z",
            "name": "Call Control",
            "description": "Adversaries may make, forward, or block phone calls without user authorization. This could be used for adversary goals such as audio surveillance, blocking or forwarding calls from the device owner, or C2 communication.\n\nSeveral permissions may be used to programmatically control phone calls, including:\n\n* `ANSWER_PHONE_CALLS` - Allows the application to answer incoming phone calls(Citation: Android Permissions)\n* `CALL_PHONE` - Allows the application to initiate a phone call without going through the Dialer interface(Citation: Android Permissions)\n* `PROCESS_OUTGOING_CALLS` - Allows the application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether(Citation: Android Permissions)\n* `MANAGE_OWN_CALLS` - Allows a calling application which manages its own calls through the self-managed `ConnectionService` APIs(Citation: Android Permissions)\n* `BIND_TELECOM_CONNECTION_SERVICE` - Required permission when using a `ConnectionService`(Citation: Android Permissions)\n* `WRITE_CALL_LOG` - Allows an application to write to the device call log, potentially to hide malicious phone calls(Citation: Android Permissions)\n\nWhen granted some of these permissions, an application can make a phone call without opening the dialer first. However, if an application desires to simply redirect the user to the dialer with a phone number filled in, it can launch an Intent using `Intent.ACTION_DIAL`, which requires no specific permissions. This then requires the user to explicitly initiate the call or use some form of [Input Injection](https://attack.mitre.org/techniques/T1516) to programmatically initiate it.",
            "kill_chain_phases": [
@@ -69,12 +21,62 @@
                    "phase_name": "command-and-control"
                }
            ],
-            "x_mitre_detection": "Users can view their default phone app in device settings. Users can review available call logs for irregularities, such as missing or unrecognized calls.",
-            "x_mitre_version": "1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "x_mitre_detection": "Users can view their default phone app in device settings. Users can review available call logs for irregularities, such as missing or unrecognized calls.",
+            "x_mitre_platforms": [
+                "Android"
+            ],
+            "x_mitre_domains": [
+                "mobile-attack"
+            ],
+            "x_mitre_version": "1.0",
+            "x_mitre_contributors": [
+                "Gaetan van Diemen, ThreatFabric"
+            ],
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
-            ]
+            ],
+            "type": "attack-pattern",
+            "id": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+            "created": "2021-09-20T13:42:20.824Z",
+            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "external_references": [
+                {
+                    "source_name": "mitre-attack",
+                    "url": "https://attack.mitre.org/techniques/T1616",
+                    "external_id": "T1616"
+                },
+                {
+                    "source_name": "NIST Mobile Threat Catalogue",
+                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-41.html",
+                    "external_id": "APP-41"
+                },
+                {
+                    "source_name": "NIST Mobile Threat Catalogue",
+                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html",
+                    "external_id": "CEL-42"
+                },
+                {
+                    "source_name": "NIST Mobile Threat Catalogue",
+                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html",
+                    "external_id": "CEL-36"
+                },
+                {
+                    "source_name": "NIST Mobile Threat Catalogue",
+                    "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-18.html",
+                    "external_id": "CEL-18"
+                },
+                {
+                    "source_name": "Android Permissions",
+                    "description": "Google. (2021, August 11). Manifest.permission. Retrieved September 22, 2021.",
+                    "url": "https://developer.android.com/reference/android/Manifest.permission"
+                }
+            ],
+            "object_marking_refs": [
+                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+            ],
+            "x_mitre_attack_spec_version": "2.1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--334db50e-aa6b-416f-a953-93ece10dd8e0",
+    "id": "bundle--a8b678c1-07d1-4971-9e69-1d773278aa06",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--9be0e937-5cf1-4295-adaa-7a50f7aaee7d",
+    "id": "bundle--ebd422b0-bf8a-4fcc-9534-6566f7141f48",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--db9ee438-1eb6-4659-a665-86db6a5dcc79",
+    "id": "bundle--efd23b8b-651b-4ee4-90be-5b144e40e5a6",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--fc3ea944-51db-4b2c-a42e-e0a98511f1aa",
+    "id": "bundle--ac4cf8b0-fdd6-4225-8770-33f202775e99",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--a006bc07-b37d-4371-9dda-be86547d2cc5",
+    "id": "bundle--f0f04647-27a9-4919-bb60-258a7249f2e2",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--7f14f58b-0b23-43c8-ab92-b85fe9024a5c",
+    "id": "bundle--2c62c9ac-b9dd-4e38-bf26-3471487bbcad",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--e879422f-6d9b-442e-af49-f00a86ad58d2",
+    "id": "bundle--9e7247f9-0717-4ca3-9455-13995fae8bf4",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--0cd92fcd-96f0-4a64-8a1f-62985a40b82f",
+    "id": "bundle--5709d32d-e096-4a81-9ce9-50da2b9f7123",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--622dc01b-d9b9-40da-9f50-cf22794442c3",
+    "id": "bundle--528290e0-3b97-4239-8de5-a94986c0ec30",
    "spec_version": "2.0",
    "objects": [
        {
@@ -20,7 +20,8 @@
            ],
            "modified": "2018-10-17T01:05:10.703Z",
            "name": "Biometric Spoofing",
-            "x_mitre_version": "1.0"
+            "x_mitre_version": "1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--aede2ce9-6941-48aa-8062-a7d71ee91220",
+    "id": "bundle--f9684e66-fa5c-4a3e-8463-12827f344458",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--d676552b-fd8c-47b2-9a7a-e39402a2f562",
+    "id": "bundle--7e0ae2bd-b5c9-4c0a-b8df-b68424c55720",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--d2b9761d-d3c1-421f-8ebc-2682aeeab7fb",
+    "id": "bundle--23b7c727-5492-458e-abef-52ce75435fb2",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--659cef61-1152-436e-b9f0-cd2d9ab2f4c5",
+    "id": "bundle--23c05b69-0fa2-4ab2-b2f5-af5c7382904a",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--2745475e-b2a8-4c87-8f00-271ee9af8e9c",
+    "id": "bundle--89ba096f-1c39-44ae-8d6f-9fa02e39ea52",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--c2c3f01c-3a92-4aea-900e-05b08c7bd6cb",
+    "id": "bundle--f903306c-51af-4163-b3fb-2e4e1ff2cc9c",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--30a39c89-3037-4cf4-bc13-1e38b621ddfe",
+    "id": "bundle--efff8f0f-6d13-49e6-84aa-ab7831f8c4bc",
    "spec_version": "2.0",
    "objects": [
        {
@@ -20,7 +20,8 @@
            ],
            "modified": "2018-10-17T01:05:10.701Z",
            "name": "Abuse of iOS Enterprise App Signing Key",
-            "x_mitre_version": "1.0"
+            "x_mitre_version": "1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--b3a0fe6b-96f2-43da-8cdb-28de8e8c19d3",
+    "id": "bundle--d2107341-c22d-4100-8c39-f4d662a1e3cb",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--0adeb491-7bb5-4f83-aec3-193950e2a704",
+    "id": "bundle--856861ae-9f64-4b8e-ac65-b6bafe369076",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--57f91813-605a-4c90-a303-0316f80f03f5",
+    "id": "bundle--b50a45f9-e2e1-461b-959c-abcd0b0be505",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--e8086e76-27fa-454e-aaaa-96a8e0bc4577",
+    "id": "bundle--79c98063-7c43-4bf7-a907-2c6ff1f297a1",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,35 +1,10 @@
 {
    "type": "bundle",
-    "id": "bundle--3a0104cd-f934-4bee-8f00-6d86c356bca9",
+    "id": "bundle--239d888c-962e-49b6-8873-2279c3c53d35",
    "spec_version": "2.0",
    "objects": [
        {
-            "x_mitre_platforms": [
-                "Android"
-            ],
-            "x_mitre_domains": [
-                "mobile-attack"
-            ],
-            "object_marking_refs": [
-                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-            ],
-            "id": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
-            "type": "attack-pattern",
-            "created": "2020-11-30T14:26:07.728Z",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "external_references": [
-                {
-                    "source_name": "mitre-mobile-attack",
-                    "external_id": "T1604",
-                    "url": "https://attack.mitre.org/techniques/T1604"
-                },
-                {
-                    "source_name": "Threat Fabric Exobot",
-                    "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-                    "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-                }
-            ],
-            "modified": "2020-12-04T20:30:31.513Z",
+            "modified": "2022-10-24T15:09:07.609Z",
            "name": "Proxy Through Victim",
            "description": "Adversaries may use a compromised device as a proxy server to the Internet. By utilizing a proxy, adversaries hide the true IP address of their C2 server and associated infrastructure from the destination of the network traffic. This masquerades an adversary\u2019s traffic as legitimate traffic originating from the compromised device, which can evade IP-based restrictions and alerts on certain services, such as bank accounts and social media websites.(Citation: Threat Fabric Exobot)\n\nThe most common type of proxy is a SOCKS proxy. It can typically be implemented using standard OS-level APIs and 3rd party libraries with no indication to the user. On Android, adversaries can use the `Proxy` API to programmatically establish a SOCKS proxy connection, or lower-level APIs to interact directly with raw sockets.",
            "kill_chain_phases": [
@@ -38,12 +13,39 @@
                    "phase_name": "defense-evasion"
                }
            ],
-            "x_mitre_detection": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.",
-            "x_mitre_version": "1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "x_mitre_detection": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.",
+            "x_mitre_platforms": [
+                "Android"
+            ],
+            "x_mitre_domains": [
+                "mobile-attack"
+            ],
+            "x_mitre_version": "1.0",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
-            ]
+            ],
+            "type": "attack-pattern",
+            "id": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
+            "created": "2020-11-30T14:26:07.728Z",
+            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "external_references": [
+                {
+                    "source_name": "mitre-attack",
+                    "url": "https://attack.mitre.org/techniques/T1604",
+                    "external_id": "T1604"
+                },
+                {
+                    "source_name": "Threat Fabric Exobot",
+                    "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+                    "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+                }
+            ],
+            "object_marking_refs": [
+                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+            ],
+            "x_mitre_attack_spec_version": "2.1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--c0cf0062-a06d-4b33-80c4-d05e0f6af92c",
+    "id": "bundle--3f04bdbd-39dc-47be-b765-4c53ea1fe57c",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--59ddbdfa-0f16-4f4f-b598-077c290dbf7c",
+    "id": "bundle--e06ef7d2-2c80-4a3d-8391-9f8e5f6a0e36",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--07ddf7e8-6bf2-4eea-b6ce-c4b6e03d0b4e",
+    "id": "bundle--0691f0fd-00af-405f-8c68-0652978fb342",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--1596d422-9498-4639-bd60-269f7a3ba646",
+    "id": "bundle--774bbc4a-8ab3-4364-a376-2fff5c8bef91",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--f2669766-2702-4762-8ef4-6df3f3dff4a5",
+    "id": "bundle--9700395f-64d1-45f5-86b5-d2df7b51db39",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--d9e2fa79-a4cb-4197-bc96-316750444746",
+    "id": "bundle--6ffa7147-60de-461d-b148-b9390fc03ed8",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--43a39fed-41e0-4269-81a8-8903ef6e2839",
+    "id": "bundle--98bc4c84-7243-4474-9b27-80bec690314f",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--7c4fe795-008f-4e98-a1fe-1019d007dcda",
+    "id": "bundle--ce40e1a2-781d-4596-adaa-74b0681176e8",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--f639f3ce-7f2f-48c5-97d0-ee70d853b3b0",
+    "id": "bundle--b135ced6-a64c-48ca-8e51-33c8aaa76277",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--4ffd1cc9-227f-42cb-bc31-4abfc7277d19",
+    "id": "bundle--5ab3df75-2367-410b-b8af-c313c923abe5",
    "spec_version": "2.0",
    "objects": [
        {
@@ -20,7 +20,8 @@
            ],
            "modified": "2018-10-17T01:05:10.699Z",
            "name": "App Delivered via Web Download",
-            "x_mitre_version": "1.0"
+            "x_mitre_version": "1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--c9e7a702-f4ae-4fdf-8e2e-4a4db3b53886",
+    "id": "bundle--8d4cbd12-390e-434b-9cf4-d0a25383f828",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--7d43bda3-deca-4666-9e08-eefe0c7e8d96",
+    "id": "bundle--bc8401ed-a427-47a1-9188-2dbec0c34f85",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--7ffd740f-537c-4ab4-81ef-dd6ae039d3a9",
+    "id": "bundle--803d457a-ab39-4538-a24e-1173c5032e64",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--43af0e94-5406-4f2d-8d6d-aeb95e05e1b1",
+    "id": "bundle--7f0e893d-4352-4e8e-84a2-64688457836e",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--65009a9d-4245-4476-826e-2c82f27f826c",
+    "id": "bundle--cd7b2822-3dc9-4e54-a8bf-79f0bde21eb4",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--d2e5afac-606d-40f5-ae19-80663e8b462a",
+    "id": "bundle--270e0444-b59d-4446-abba-bb81aba386f9",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--a50ee87e-9226-4878-a35b-17a405f92cd9",
+    "id": "bundle--fb4ad787-15c4-4f62-bdb1-3dfaac2e54e5",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--e271648d-8085-4eee-a82a-fda44eef68d3",
+    "id": "bundle--ba58366e-30ad-4d87-923e-b6f2628e3324",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--b9f0ca5d-5ada-4deb-b86e-e7bb058e6af8",
+    "id": "bundle--8ae57a91-9b60-4813-9ab7-c8a7f3d92f32",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--a170985d-09f4-4e27-ae3d-9cf8ba549580",
+    "id": "bundle--29e2cf43-ef23-4ca9-b68b-ca41fa9b8ae5",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--87f1e6f8-31b6-4016-b40e-f4937713dec2",
+    "id": "bundle--480cce5d-2309-445e-baef-263f1868c252",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--a617c519-a613-4c7a-bbd0-4a4923e3bae3",
+    "id": "bundle--ca04a6e8-b432-410d-a26e-6f9bdf4cef3b",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--45911dbd-8c18-4190-a628-25c55d8bbdb2",
+    "id": "bundle--813b8fb1-2798-4952-8de6-94e5a01f0fe6",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--6023ddfa-5276-4821-b4ef-87a0341c679d",
+    "id": "bundle--5be3cd37-50ab-4306-bd0f-16c4db386b99",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--bc87abca-c917-47a7-b560-a9205137b9e8",
+    "id": "bundle--41e34344-1860-4405-bc86-aa36708f11c2",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--fb356767-395a-4e58-9546-f7ddec5da9c2",
+    "id": "bundle--535e2e64-ca57-42c9-836b-335ed8a0b3f8",
    "spec_version": "2.0",
    "objects": [
        {
@@ -20,7 +20,8 @@
            ],
            "modified": "2018-10-17T01:05:10.701Z",
            "name": "Remotely Install Application",
-            "x_mitre_version": "1.0"
+            "x_mitre_version": "1.0",
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--deef54df-6333-47f9-8558-7e62e67a7686",
+    "id": "bundle--9eed16b8-fdc7-407f-bc7b-081afc110f6c",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--fa7b5481-0bd6-46f8-828d-6c788c6b3099",
+    "id": "bundle--44d3f446-eafe-4703-bf28-ccd5970a41e9",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--e6597cdf-40f5-4fac-b1d0-f77c98403442",
+    "id": "bundle--54b9b15f-e908-400b-8e06-4dbeb04c36e7",
    "spec_version": "2.0",
    "objects": [
        {
@@ -43,7 +43,8 @@
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
-            ]
+            ],
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--dfa9dd9a-226a-47b2-9870-039262158f4a",
+    "id": "bundle--32a05ac6-4fff-415d-b18f-9ebe847dbe5e",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--8d1f2e25-d34b-48ae-88f0-525e1c913752",
+    "id": "bundle--1f783cbb-a522-49cd-a744-f475ca65916a",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--f51c5c4b-6fb7-40b0-acee-ee4253fa55dc",
+    "id": "bundle--78e0aaf3-6dff-42b3-8413-ad28cbd38036",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--ce8adea6-c8ac-402f-b85a-7c9b9878e00a",
+    "id": "bundle--34ee4a90-d224-48e7-910a-34d01e02b055",
    "spec_version": "2.0",
    "objects": [
        {
@@ -63,7 +63,8 @@
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
-            ]
+            ],
+            "x_mitre_is_subtechnique": false
        }
    ]
 }
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--78295b01-de76-4843-9ee2-c7c1a4b1a749",
+    "id": "bundle--3795fa9c-ebcf-4c27-ac2e-a4c46d54d8c5",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--ddd39c64-49ae-4608-bf70-9896421bcb46",
+    "id": "bundle--1ef0f3a1-cd2f-4066-9ba7-ffcdc9b62228",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--50dbb539-c81e-4bb7-a103-199ee70b5bda",
+    "id": "bundle--de8dc44d-4e30-486f-9484-5ec5f65215be",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--c77eb04f-87ad-4e31-b52e-bd244f6a03e0",
+    "id": "bundle--cf2264ad-7ca5-4d19-a888-17a70e1ec016",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--367e2195-f915-4754-97e7-5b58f8b7dc32",
+    "id": "bundle--3b81d4ff-e1cb-4581-9a60-385bf84af694",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--ee13f372-a3e0-47a9-87a0-077591933c5a",
+    "id": "bundle--e4b9d8b9-2199-43d0-85e8-606ad2ce3f64",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,6 +1,6 @@
 {
    "type": "bundle",
-    "id": "bundle--d96024df-af64-4f46-9a6d-3990f713311a",
+    "id": "bundle--37e448be-75ec-429b-bae0-cb2d3f8c9fda",
    "spec_version": "2.0",
    "objects": [
        {
@@ -1,65 +1,65 @@
 {
    "type": "bundle",
-    "id": "bundle--70873a8c-8dda-442e-9100-f08b27ddd853",
+    "id": "bundle--bde2ad8d-36ef-4445-a982-977c68b34ee5",
    "spec_version": "2.0",
    "objects": [
        {
+            "modified": "2022-10-21T13:44:31.305Z",
+            "name": "Remote Device Management Services",
+            "description": "An adversary may use access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.(Citation: Krebs-Location) ",
+            "kill_chain_phases": [
+                {
+                    "kill_chain_name": "mitre-mobile-attack",
+                    "phase_name": "collection"
+                },
+                {
+                    "kill_chain_name": "mitre-mobile-attack",
+                    "phase_name": "discovery"
+                }
+            ],
+            "x_mitre_detection": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. Apple iCloud also provides notifications to users of account activity such as when credentials have been used. ",
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
+            "x_mitre_is_subtechnique": true,
+            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "mobile-attack"
            ],
-            "object_marking_refs": [
-                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+            "x_mitre_version": "1.0",
+            "x_mitre_tactic_type": [
+                "Post-Adversary Device Access"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
            "created": "2022-04-05T19:37:15.984Z",
-            "x_mitre_version": "1.0",
+            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
-                    "external_id": "T1430.001",
-                    "url": "https://attack.mitre.org/techniques/T1430/001"
+                    "url": "https://attack.mitre.org/techniques/T1430/001",
+                    "external_id": "T1430.001"
                },
                {
                    "source_name": "Krebs-Location",
-                    "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/",
-                    "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November 8, 2018."
+                    "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November 8, 2018.",
+                    "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/"
                },
                {
-                    "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html",
                    "source_name": "NIST Mobile Threat Catalogue",
+                    "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html",
                    "external_id": "ECO-5"
                },
                {
-                    "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html",
                    "source_name": "NIST Mobile Threat Catalogue",
+                    "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html",
                    "external_id": "EMM-7"
                }
            ],
-            "x_mitre_deprecated": false,
-            "revoked": false,
-            "description": "An adversary may use access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.(Citation: Krebs-Location) ",
-            "modified": "2022-04-19T19:58:48.039Z",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "name": "Remote Device Management Services",
-            "x_mitre_detection": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. Apple iCloud also provides notifications to users of account activity such as when credentials have been used. ",
-            "kill_chain_phases": [
-                {
-                    "phase_name": "collection",
-                    "kill_chain_name": "mitre-mobile-attack"
-                },
-                {
-                    "phase_name": "discovery",
-                    "kill_chain_name": "mitre-mobile-attack"
-                }
-            ],
-            "x_mitre_is_subtechnique": true,
-            "x_mitre_tactic_type": [
-                "Post-Adversary Device Access"
+            "object_marking_refs": [
+                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
--- a/Show More
+++ b/Show More