cti/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json

{
    "type": "bundle",
    "id": "bundle--8a21096d-0827-4e22-b700-aa65874760d7",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "attack-pattern",
            "id": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
            "created": "2017-10-25T14:48:15.920Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": true,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1412",
                    "external_id": "T1412"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "modified": "2025-10-24T17:49:33.068Z",
            "name": "Capture SMS Messages",
            "description": "A malicious application could capture sensitive data sent via SMS, including authentication credentials. SMS is frequently used to transmit codes used for multi-factor authentication.\n\nOn Android, a malicious application must request and obtain permission (either at app install time or run time) in order to receive SMS messages. Alternatively, a malicious application could attempt to perform an operating system privilege escalation attack to bypass the permission requirement.\n\nOn iOS, applications cannot access SMS messages in normal operation, so an adversary would need to attempt to perform an operating system privilege escalation attack to potentially be able to access SMS messages.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "collection"
                },
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "credential-access"
                }
            ],
            "x_mitre_attack_spec_version": "3.2.0",
            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_version": "1.1",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ]
        }
    ]
}