cti/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json

{
    "type": "bundle",
    "id": "bundle--98b55f43-9fdd-4347-84c8-260b2dea9ca6",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a",
            "created": "2017-10-25T14:48:21.023Z",
            "x_mitre_version": "1.1",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "external_id": "T1468",
                    "url": "https://attack.mitre.org/techniques/T1468"
                },
                {
                    "source_name": "Krebs-Location",
                    "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/",
                    "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November 8, 2018."
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "ECO-5"
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "EMM-7"
                }
            ],
            "x_mitre_deprecated": false,
            "revoked": true,
            "description": "An adversary who is able to obtain unauthorized access to or misuse authorized access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM) / mobile device management (MDM) server console could use that access to track mobile devices.(Citation: Krebs-Location)",
            "modified": "2022-04-05T19:40:25.068Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Remotely Track Device Without Authorization",
            "x_mitre_detection": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity. Apple iCloud also provides notifications to users of account activity.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "remote-service-effects"
                }
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_tactic_type": [
                "Without Adversary Device Access"
            ],
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}