Skip to content

Hide Navigation Hide TOC

Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433)

A variety of methods exist that can be used to enable enterprises to identify compromised (e.g. rooted/jailbroken) devices, whether using security mechanisms built directly into the device, third-party mobile security applications, enterprise mobility management (EMM)/mobile device management (MDM) capabilities, or other methods. Some methods may be trivial to evade while others may be more sophisticated.

Cluster A Galaxy A Cluster B Galaxy B Level
Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
Hooking - T1617 (ccde43e4-78f9-4f32-b401-c081e7db71ea) Attack Pattern Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action 1
Deploy Compromised Device Detection Method - M1010 (cf2cccb1-cab8-431a-8ecf-f7874d05f433) Course of Action Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) Attack Pattern 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2
User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern 2
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern 2
Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3) Attack Pattern Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) Attack Pattern 2