cti/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json

{
    "type": "bundle",
    "id": "bundle--8eaefc3a-ac0d-4287-a4a8-3fe98dda198a",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
            "created": "2017-10-25T14:48:33.158Z",
            "x_mitre_version": "1.2",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "external_id": "T1437",
                    "url": "https://attack.mitre.org/techniques/T1437"
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "APP-29"
                }
            ],
            "x_mitre_deprecated": false,
            "revoked": false,
            "description": "Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the mobile device, and often the results of those commands, will be embedded within the protocol traffic between the mobile device and server. \n\nAdversaries may utilize many different protocols, including those used for web browsing, transferring files, electronic mail, or DNS.",
            "modified": "2022-04-19T20:03:51.831Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Application Layer Protocol",
            "x_mitre_detection": "Abuse of standard application protocols can be difficult to detect as many legitimate mobile applications leverage such protocols for language-specific APIs. Enterprises may be better served focusing on detection at other stages of adversarial behavior.",
            "kill_chain_phases": [
                {
                    "phase_name": "command-and-control",
                    "kill_chain_name": "mitre-mobile-attack"
                }
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ],
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}