
T1456 Drive-by Compromise

As described by Drive-by Compromise, a drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing. With this technique, the user’s web browser is targeted for exploitation. For example, a website may contain malicious media content intended to exploit vulnerabilities in media parsers, as demonstrated by the Android Stagefright vulnerability.[1]

(This technique was formerly known as Malicious Web Content. It has been renamed to better align with ATT&CK for Enterprise.)

Item Value
ID T1456
Sub-techniques
Tactics TA0027
Platforms Android, iOS
Version 1.0
Created 25 October 2017
Last Modified 17 October 2018

Procedure Examples

ID Name Description
S0463 INSOMNIA INSOMNIA has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.[4]
S0289 Pegasus for iOS Pegasus for iOS was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.[3]
S0328 Stealth Mango Stealth Mango is delivered via a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.[2]

Mitigations

ID Mitigation Description
M1001 Security Updates -
M1006 Use Recent OS Version -

References
