adpare
72 lines
4.3 KiB
JSON
72 lines
4.3 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--d6c7568b-9ed6-4fd8-94c2-d0e8fd59b69f",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
|
|
"created": "2022-04-01T18:49:03.892Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"revoked": false,
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T1629/002",
|
|
"external_id": "T1629.002"
|
|
},
|
|
{
|
|
"source_name": "Microsoft MalLockerB",
|
|
"description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.",
|
|
"url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/"
|
|
},
|
|
{
|
|
"source_name": "Android resetPassword",
|
|
"description": "Google. (n.d.). DevicePolicyManager. Retrieved October 1, 2019.",
|
|
"url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#resetPassword(java.lang.String,%20int)"
|
|
},
|
|
{
|
|
"source_name": "securelist rotexy 2018",
|
|
"description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan \u2013 banker and ransomware. Retrieved September 23, 2019.",
|
|
"url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
|
|
},
|
|
{
|
|
"source_name": "Talos GPlayed",
|
|
"description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
|
|
"url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
|
|
},
|
|
{
|
|
"source_name": "NIST Mobile Threat Catalogue",
|
|
"url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-22.html",
|
|
"external_id": "APP-22"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"modified": "2025-10-24T17:49:13.285Z",
|
|
"name": "Device Lockout",
|
|
"description": "An adversary may seek to inhibit user interaction by locking the legitimate user out of the device. This is typically accomplished by requesting device administrator permissions and then locking the screen using `DevicePolicyManager.lockNow()`. Other novel techniques for locking the user out of the device have been observed, such as showing a persistent overlay, using carefully crafted \u201ccall\u201d notification screens, and locking HTML pages in the foreground. These techniques can be very difficult to get around, and typically require booting the device into safe mode to uninstall the malware.(Citation: Microsoft MalLockerB)(Citation: Talos GPlayed)(Citation: securelist rotexy 2018)\n\nPrior to Android 7, device administrators were able to reset the device lock passcode to prevent the user from unlocking the device. The release of Android 7 introduced updates that only allow device or profile owners (e.g. MDMs) to reset the device\u2019s passcode.(Citation: Android resetPassword)",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-mobile-attack",
|
|
"phase_name": "defense-evasion"
|
|
}
|
|
],
|
|
"x_mitre_attack_spec_version": "3.2.0",
|
|
"x_mitre_deprecated": false,
|
|
"x_mitre_domains": [
|
|
"mobile-attack"
|
|
],
|
|
"x_mitre_is_subtechnique": true,
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_platforms": [
|
|
"Android"
|
|
],
|
|
"x_mitre_version": "1.1",
|
|
"x_mitre_tactic_type": [
|
|
"Post-Adversary Device Access"
|
|
]
|
|
}
|
|
]
|
|
} |