cti/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json

{
    "type": "bundle",
    "id": "bundle--177e4394-2b22-4420-b6c4-d12df8c33dca",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-03-20T18:59:46.686Z",
            "name": "Hijack Execution Flow",
            "description": "Adversaries may execute their own malicious payloads by hijacking the way operating systems run applications. Hijacking execution flow can be for the purposes of persistence since this hijacked execution may reoccur over time. \n\nThere are many ways an adversary may hijack the flow of execution. A primary way is by manipulating how the operating system locates programs to be executed. How the operating system locates libraries to be used by a program can also be intercepted. Locations where the operating system looks for programs or resources, such as file directories, could also be poisoned to include malicious payloads.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "persistence"
                }
            ],
            "x_mitre_deprecated": false,
            "x_mitre_detection": "Mobile threat defense agents could detect unauthorized operating system modifications by using attestation.",
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_platforms": [
                "Android"
            ],
            "x_mitre_version": "1.1",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
            "created": "2022-03-30T14:49:18.650Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1625",
                    "external_id": "T1625"
                },
                {
                    "source_name": "NIST Mobile Threat Catalogue",
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-27.html",
                    "external_id": "APP-27"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}