cti/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json

{
    "type": "bundle",
    "id": "bundle--d8e8034b-848b-41f3-ac29-2de94c252211",
    "spec_version": "2.0",
    "objects": [
        {
            "id": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Disguise Root/Jailbreak Indicators",
            "description": "An adversary could use knowledge of the techniques used by security software to evade detection(Citation: Brodie)(Citation: Tan). For example, some mobile security products perform compromised device detection by searching for particular artifacts such as an installed \"su\" binary, but that check could be evaded by naming the binary something else. Similarly, polymorphic code techniques could be used to evade signature-based detection(Citation: Rastogi).",
            "external_references": [
                {
                    "source_name": "mitre-mobile-attack",
                    "url": "https://attack.mitre.org/techniques/T1408",
                    "external_id": "T1408"
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-5.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "EMM-5"
                },
                {
                    "source_name": "Brodie",
                    "description": "Daniel Brodie. (2016). Practical Attacks against Mobile Device Management (MDM). Retrieved December 21, 2016.",
                    "url": "https://media.blackhat.com/eu-13/briefings/Brodie/bh-eu-13-lacoon-attacks-mdm-brodie-wp.pdf"
                },
                {
                    "source_name": "Tan",
                    "description": "Vincent Tan. (2016, August). BAD FOR ENTERPRISE: ATTACKING BYOD ENTERPRISE MOBILE SECURITY SOLUTIONS. Retrieved February 4, 2017.",
                    "url": "http://www.blackhat.com/us-16/briefings.html#bad-for-enterprise-attacking-byod-enterprise-mobile-security-solutions"
                },
                {
                    "source_name": "Rastogi",
                    "description": "Vaibhav Rastogi, Yan Chen, and Xuxian Jiang. (2013, May). DroidChameleon: Evaluating Android Anti-malware against Transformation Attacks. Retrieved December 9, 2016.",
                    "url": "http://pages.cs.wisc.edu/~vrastogi/static/papers/rcj13b.pdf"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "attack-pattern",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "defense-evasion"
                }
            ],
            "modified": "2019-02-03T14:34:59.071Z",
            "created": "2017-10-25T14:48:14.003Z",
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ],
            "x_mitre_version": "1.1",
            "x_mitre_old_attack_id": "MOB-T1011"
        }
    ]
}