-
Notifications
You must be signed in to change notification settings - Fork 6
/
attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
48 lines (48 loc) · 3.34 KB
/
attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
{
"id": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
"created_by_ref": "The MITRE Corporation",
"name": "Supply Chain Compromise",
"description": "As further described in [Supply Chain Compromise](https://attack.mitre.org/techniques/T1195), supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Somewhat related, adversaries could also identify and exploit inadvertently present vulnerabilities. In many cases, it may be difficult to be certain whether exploitable functionality is due to malicious intent or simply inadvertent mistake.\n\nThird-party libraries incorporated into mobile apps could contain malicious behavior, privacy-invasive behavior, or exploitable vulnerabilities. An adversary could deliberately insert malicious behavior or could exploit inadvertent vulnerabilities. For example, security issues have previously been identified in third-party advertising libraries incorporated into apps.(Citation: NowSecure-RemoteCode)(Citation: Grace-Advertisement).",
"external_references": [
{
"source_name": "mitre-mobile-attack",
"external_id": "T1474",
"url": "https://attack.mitre.org/techniques/T1474"
},
{
"external_id": "APP-6",
"source_name": "NIST Mobile Threat Catalogue",
"url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-6.html"
},
{
"source_name": "NowSecure-RemoteCode",
"description": "Ryan Welton. (2015, June 15). A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications. Retrieved December 22, 2016.",
"url": "https://www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-arbitrary-file-writes-and-multidex-applications/"
},
{
"source_name": "Grace-Advertisement",
"description": "M. Grace et al. (2012, April 16-18). Unsafe exposure analysis of mobile in-app advertisements. Retrieved December 22, 2016.",
"url": "https://www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-arbitrary-file-writes-and-multidex-applications/"
}
],
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-mobile-attack",
"phase_name": "initial-access"
}
],
"modified": "2020-10-19T18:06:09.010Z",
"created": "2018-10-17T00:14:20.652Z",
"x_mitre_is_subtechnique": false,
"x_mitre_old_attack_id": "MOB-T1077",
"x_mitre_version": "1.1",
"x_mitre_tactic_type": [
"Post-Adversary Device Access"
],
"x_mitre_platforms": [
"Android",
"iOS"
],
"x_mitre_detection": "* Insecure third-party libraries could be detected by application vetting techniques. For example, Google's [App Security Improvement Program](https://developer.android.com/google/play/asi) detects the use of third-party libraries with known vulnerabilities within Android apps submitted to the Google Play Store.\n* Malicious software development tools could be detected by enterprises deploying integrity checking software to the computers that they use to develop code to detect presence of unauthorized, modified software development tools."
}