Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922)
Adversaries may utilize standard operating system APIs to gather calendar entry data. On Android, this can be accomplished using the Calendar Content Provider. On iOS, this can be accomplished using the EventKit
framework.
If the device has been jailbroken or rooted, an adversary may be able to access Calendar Entries without the user’s knowledge or approval.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) | Attack Pattern | Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | 1 |