cti/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json

{
    "type": "bundle",
    "id": "bundle--e71ee8e0-1acd-48f2-adf4-e49b8953dcec",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
            "created": "2022-04-01T13:12:23.522Z",
            "x_mitre_version": "1.0",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "external_id": "T1636.002",
                    "url": "https://attack.mitre.org/techniques/T1636/002"
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "APP-13"
                }
            ],
            "x_mitre_deprecated": false,
            "revoked": false,
            "description": "Adversaries may utilize standard operating system APIs to gather call log data. On Android, this can be accomplished using the Call Log Content Provider. iOS provides no standard API to access the call log. \n\n \n\nIf the device has been jailbroken or rooted, an adversary may be able to access the [Call Log](https://attack.mitre.org/techniques/T1636/002) without the user\u2019s knowledge or approval. ",
            "modified": "2022-04-29T17:29:34.081Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Call Log",
            "x_mitre_detection": "On Android, the user can manage which applications have permission to access the call log through the device settings screen, revoking the permission if necessary. Application vetting services could look for `android.permission.READ_CALL_LOG` in an Android application\u2019s manifest. Most applications do not need call log access, so extra scrutiny could be applied to those that request it.  ",
            "kill_chain_phases": [
                {
                    "phase_name": "collection",
                    "kill_chain_name": "mitre-mobile-attack"
                }
            ],
            "x_mitre_is_subtechnique": true,
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ],
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}