{ "type": "bundle", "id": "bundle--438c5e8b-9369-4235-8758-35c6c85e9da2", "spec_version": "2.0", "objects": [ { "type": "x-mitre-analytic", "id": "x-mitre-analytic--3fe80400-0e8c-4ffa-8233-cebf7511613c", "created": "2025-10-21T15:10:28.402Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/detectionstrategies/DET0652#AN1735", "external_id": "AN1735" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "modified": "2025-10-21T15:10:28.402Z", "name": "Analytic 1735", "description": "Application vetting services may detect when an application requests permissions after an application update.\nApplication vetting services may look for indications that the application\u2019s update includes malicious code at runtime. \nApplication vetting services may be able to list domains and/or IP addresses that applications communicate with.", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.3.0", "x_mitre_domains": [ "mobile-attack" ], "x_mitre_platforms": [ "Android" ], "x_mitre_log_source_references": [ { "x_mitre_data_component_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "name": "Application Vetting", "channel": "None" }, { "x_mitre_data_component_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "name": "Application Vetting", "channel": "None" }, { "x_mitre_data_component_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", "name": "Application Vetting", "channel": "None" } ], "x_mitre_deprecated": false } ] }