adpare
78 lines
4.5 KiB
JSON
78 lines
4.5 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--1067cb5d-3db3-49b8-9dec-7dcf548293d3",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
|
|
"created": "2019-08-08T18:34:14.178Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"revoked": false,
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T1513",
|
|
"external_id": "T1513"
|
|
},
|
|
{
|
|
"source_name": "Android ScreenCap2 2019",
|
|
"description": "Android Developers. (n.d.). Android Debug Bridge (adb). Retrieved August 8, 2019.",
|
|
"url": "https://developer.android.com/studio/command-line/adb"
|
|
},
|
|
{
|
|
"source_name": "Android ScreenCap1 2019",
|
|
"description": "Android Developers. (n.d.). Android MediaProjectionManager. Retrieved August 8, 2019.",
|
|
"url": "https://developer.android.com/reference/android/media/projection/MediaProjectionManager"
|
|
},
|
|
{
|
|
"source_name": "Lookout-Monokle",
|
|
"description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
|
|
"url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf"
|
|
},
|
|
{
|
|
"source_name": "Fortinet screencap July 2019",
|
|
"description": "Dario Durando. (2019, July 3). BianLian: A New Wave Emerges. Retrieved September 4, 2019.",
|
|
"url": "https://www.fortinet.com/blog/threat-research/new-wave-bianlian-malware.html"
|
|
},
|
|
{
|
|
"source_name": "Trend Micro ScreenCap July 2015",
|
|
"description": "Zhang, V. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved August 8, 2019.",
|
|
"url": "https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
|
|
},
|
|
{
|
|
"source_name": "NIST Mobile Threat Catalogue",
|
|
"url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-40.html",
|
|
"external_id": "APP-40"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"modified": "2025-10-24T17:48:57.610Z",
|
|
"name": "Screen Capture",
|
|
"description": "Adversaries may use screen capture to collect additional information about a target device, such as applications running in the foreground, user data, credentials, or other sensitive information. Applications running in the background can capture screenshots or videos of another application running in the foreground by using the Android `MediaProjectionManager` (generally requires the device user to grant consent).(Citation: Fortinet screencap July 2019)(Citation: Android ScreenCap1 2019) Background applications can also use Android accessibility services to capture screen contents being displayed by a foreground application.(Citation: Lookout-Monokle) An adversary with root access or Android Debug Bridge (adb) access could call the Android `screencap` or `screenrecord` commands.(Citation: Android ScreenCap2 2019)(Citation: Trend Micro ScreenCap July 2015) ",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-mobile-attack",
|
|
"phase_name": "collection"
|
|
}
|
|
],
|
|
"x_mitre_attack_spec_version": "3.2.0",
|
|
"x_mitre_deprecated": false,
|
|
"x_mitre_detection": "",
|
|
"x_mitre_domains": [
|
|
"mobile-attack"
|
|
],
|
|
"x_mitre_is_subtechnique": false,
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_platforms": [
|
|
"Android"
|
|
],
|
|
"x_mitre_version": "1.3",
|
|
"x_mitre_tactic_type": [
|
|
"Post-Adversary Device Access"
|
|
]
|
|
}
|
|
]
|
|
} |