cti/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json

{
    "type": "bundle",
    "id": "bundle--1dbab9f7-66a7-497c-9405-22f0497b6f4a",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "attack-pattern",
            "id": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
            "created": "2022-04-05T19:37:15.984Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1430/001",
                    "external_id": "T1430.001"
                },
                {
                    "source_name": "Krebs-Location",
                    "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November 8, 2018.",
                    "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/"
                },
                {
                    "source_name": "NIST Mobile Threat Catalogue",
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html",
                    "external_id": "ECO-5"
                },
                {
                    "source_name": "NIST Mobile Threat Catalogue",
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html",
                    "external_id": "EMM-7"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "modified": "2025-10-24T17:49:09.660Z",
            "name": "Remote Device Management Services",
            "description": "An adversary may use access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.(Citation: Krebs-Location) ",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "collection"
                },
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "discovery"
                }
            ],
            "x_mitre_attack_spec_version": "3.2.0",
            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "x_mitre_is_subtechnique": true,
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_version": "1.1",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ]
        }
    ]
}