Isabel Tuson
70 lines
4.2 KiB
JSON
70 lines
4.2 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--09a5f20d-dfa6-432e-8419-c069af7ac2e9",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"id": "attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"name": "Masquerade as Legitimate Application",
|
|
"description": "An adversary could distribute developed malware by masquerading the malware as a legitimate application. This can be done in two different ways: by embedding the malware in a legitimate application, or by pretending to be a legitimate application.\n\nEmbedding the malware in a legitimate application is done by downloading the application, disassembling it, adding the malicious code, and then re-assembling it.(Citation: Zhou) The app would appear to be the original app, but would contain additional malicious functionality. The adversary could then publish the malicious application to app stores or use another delivery method.\n\nPretending to be a legitimate application relies heavily on lack of scrutinization by the user. Typically, a malicious app pretending to be a legitimate one will have many similar details as the legitimate one, such as name, icon, and description.(Citation: Palo Alto HenBox)\n\nMalicious applications may also masquerade as legitimate applications when requesting access to the accessibility service in order to appear as legitimate to the user, increasing the likelihood that the access will be granted.",
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-mobile-attack",
|
|
"external_id": "T1444",
|
|
"url": "https://attack.mitre.org/techniques/T1444"
|
|
},
|
|
{
|
|
"external_id": "APP-31",
|
|
"source_name": "NIST Mobile Threat Catalogue",
|
|
"url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html"
|
|
},
|
|
{
|
|
"external_id": "APP-14",
|
|
"source_name": "NIST Mobile Threat Catalogue",
|
|
"url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-14.html"
|
|
},
|
|
{
|
|
"url": "http://ieeexplore.ieee.org/document/6234407",
|
|
"description": "Yajin Zhou and Xuxian Jiang. (2012, May). Dissecting Android Malware: Characterization and Evolution. Retrieved December 9, 2016.",
|
|
"source_name": "Zhou"
|
|
},
|
|
{
|
|
"source_name": "Palo Alto HenBox",
|
|
"url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
|
|
"description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"type": "attack-pattern",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-mobile-attack",
|
|
"phase_name": "initial-access"
|
|
},
|
|
{
|
|
"kill_chain_name": "mitre-mobile-attack",
|
|
"phase_name": "defense-evasion"
|
|
}
|
|
],
|
|
"modified": "2020-04-08T15:19:56.147Z",
|
|
"created": "2017-10-25T14:48:35.247Z",
|
|
"x_mitre_is_subtechnique": false,
|
|
"x_mitre_contributors": [
|
|
"Alex Hinchliffe, Palo Alto Networks"
|
|
],
|
|
"x_mitre_old_attack_id": "MOB-T1047",
|
|
"x_mitre_version": "2.1",
|
|
"x_mitre_tactic_type": [
|
|
"Post-Adversary Device Access"
|
|
],
|
|
"x_mitre_platforms": [
|
|
"Android",
|
|
"iOS"
|
|
],
|
|
"x_mitre_detection": "Users can detect malicious applications by watching for nuances that could indicate the application is not the intended one when it is being installed."
|
|
}
|
|
]
|
|
} |