DS0041 Application Vetting

Application vetting report generated by an external cloud service.

| Item | Value |
| --- | --- |
| ID | DS0041 |
| Platforms | Android, iOS |
| Collection Layers | Report |
| Version | 1.0 |
| Created | 13 March 2023 |
| Last Modified | 13 March 2023 |

Data Components

API Calls

API calls utilized by an application that could indicate malicious activity

| Domain | ID | Name |
| --- | --- | --- |
| mobile | T1414 | Clipboard Data |
| mobile | T1623 | Command and Scripting Interpreter |
| mobile | T1623.001 | Unix Shell |
| mobile | T1645 | Compromise Client Software Binary |
| mobile | T1634 | Credentials from Password Store |
| mobile | T1634.001 | Keychain |
| mobile | T1471 | Data Encrypted for Impact |
| mobile | T1641 | Data Manipulation |
| mobile | T1641.001 | Transmitted Data Manipulation |
| mobile | T1407 | Download New Code at Runtime |
| mobile | T1627 | Execution Guardrails |
| mobile | T1627.001 | Geofencing |
| mobile | T1404 | Exploitation for Privilege Escalation |
| mobile | T1541 | Foreground Persistence |
| mobile | T1628 | Hide Artifacts |
| mobile | T1628.001 | Suppress Application Icon |
| mobile | T1629 | Impair Defenses |
| mobile | T1630 | Indicator Removal on Host |
| mobile | T1630.001 | Uninstall Malicious Application |
| mobile | T1406 | Obfuscated Files or Information |
| mobile | T1406.002 | Software Packing |
| mobile | T1424 | Process Discovery |
| mobile | T1631 | Process Injection |
| mobile | T1631.001 | Ptrace System Calls |
| mobile | T1513 | Screen Capture |
| mobile | T1418 | Software Discovery |
| mobile | T1418.001 | Security Software Discovery |
| mobile | T1635 | Steal Application Access Token |
| mobile | T1635.001 | URI Hijacking |
| mobile | T1409 | Stored Application Data |
| mobile | T1474 | Supply Chain Compromise |
| mobile | T1474.001 | Compromise Software Dependencies and Development Tools |
| mobile | T1474.003 | Compromise Software Supply Chain |
| mobile | T1633 | Virtualization/Sandbox Evasion |
| mobile | T1633.001 | System Checks |

Network Communication

Network requests made by an application or domains contacted

| Domain | ID | Name |
| --- | --- | --- |
| mobile | T1428 | Exploitation of Remote Services |
| mobile | T1544 | Ingress Tool Transfer |
| mobile | T1509 | Non-Standard Port |
| mobile | T1481 | Web Service |
| mobile | T1481.001 | Dead Drop Resolver |
| mobile | T1481.002 | Bidirectional Communication |
| mobile | T1481.003 | One-Way Communication |

Permissions Requests

Permissions declared in an application’s manifest or property list file

| Domain | ID | Name |
| --- | --- | --- |
| mobile | T1626 | Abuse Elevation Control Mechanism |
| mobile | T1626.001 | Device Administrator Permissions |
| mobile | T1517 | Access Notifications |
| mobile | T1640 | Account Access Removal |
| mobile | T1429 | Audio Capture |
| mobile | T1616 | Call Control |
| mobile | T1642 | Endpoint Denial of Service |
| mobile | T1624 | Event Triggered Execution |
| mobile | T1624.001 | Broadcast Receivers |
| mobile | T1627 | Execution Guardrails |
| mobile | T1627.001 | Geofencing |
| mobile | T1643 | Generate Traffic from Victim |
| mobile | T1630 | Indicator Removal on Host |
| mobile | T1630.002 | File Deletion |
| mobile | T1544 | Ingress Tool Transfer |
| mobile | T1417 | Input Capture |
| mobile | T1417.001 | Keylogging |
| mobile | T1417.002 | GUI Input Capture |
| mobile | T1430 | Location Tracking |
| mobile | T1636 | Protected User Data |
| mobile | T1636.001 | Calendar Entries |
| mobile | T1636.002 | Call Log |
| mobile | T1636.003 | Contact List |
| mobile | T1636.004 | SMS Messages |
| mobile | T1422 | System Network Configuration Discovery |
| mobile | T1512 | Video Capture |

Protected Configuration

Device configuration options that are not typically utilized by benign applications

| Domain | ID | Name |
| --- | --- | --- |
| mobile | T1638 | Adversary-in-the-Middle |