Live Active security incident? Get immediate response
MITRE ATT&CK® Matrix

Mobile ATT&CK Matrix

A Glexia-styled visualization of ATT&CK tactics and techniques. This is not the MITRE Navigator UI and does not imply MITRE endorsement.

Matrix workbench

124 techniques and sub-techniques mapped across 12 tactics

Use this as a fast defensive coverage map. Each cell links to the normalized Glexia detail page with official source attribution and relationship context.

EnterpriseMobileICS
TA0035

Collection

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0037

Command and Control

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0031

Credential Access

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0030

Defense Evasion

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0032

Discovery

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0041

Execution

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0036

Exfiltration

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0034

Impact

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0027

Initial Access

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0033

Lateral Movement

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0028

Persistence

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0029

Privilege Escalation

0 techniques

No current techniques are mapped to this tactic in the normalized data.

Browse

Unmapped / all techniques

124 techniques

T1398 Boot or Logon Initialization Scripts Android, iOS T1404 Exploitation for Privilege Escalation Android, iOS T1406 Obfuscated Files or Information Android, iOS T1406.001 Steganography Android T1406.002 Software Packing Android, iOS T1407 Download New Code at Runtime Android, iOS T1409 Stored Application Data Android, iOS T1414 Clipboard Data Android, iOS T1417 Input Capture Android, iOS T1417.001 Keylogging Android, iOS T1417.002 GUI Input Capture Android, iOS T1418 Software Discovery Android, iOS T1418.001 Security Software Discovery Android, iOS T1420 File and Directory Discovery Android, iOS T1421 System Network Connections Discovery Android T1422 System Network Configuration Discovery Android, iOS T1422.001 Internet Connection Discovery Android, iOS T1422.002 Wi-Fi Discovery Android, iOS T1423 Network Service Scanning Android, iOS T1424 Process Discovery Android, iOS T1426 System Information Discovery Android, iOS T1428 Exploitation of Remote Services Android, iOS T1429 Audio Capture Android, iOS T1430 Location Tracking Android, iOS T1430.001 Remote Device Management Services Android, iOS T1430.002 Impersonate SS7 Nodes Android, iOS T1437 Application Layer Protocol Android, iOS T1437.001 Web Protocols Android, iOS T1451 SIM Card Swap Android, iOS T1453 Abuse Accessibility Features Android T1456 Drive-By Compromise Android, iOS T1458 Replication Through Removable Media Android, iOS T1461 Lockscreen Bypass Android, iOS T1464 Network Denial of Service Android, iOS T1471 Data Encrypted for Impact Android T1474 Supply Chain Compromise Android, iOS T1474.001 Compromise Software Dependencies and Development Tools Android, iOS T1474.002 Compromise Hardware Supply Chain Android, iOS T1474.003 Compromise Software Supply Chain Android, iOS T1481 Web Service Android, iOS T1481.001 Dead Drop Resolver Android, iOS T1481.002 Bidirectional Communication Android, iOS T1481.003 One-Way Communication Android, iOS T1509 Non-Standard Port Android, iOS T1512 Video Capture Android, iOS T1513 Screen Capture Android T1516 Input Injection Android T1517 Access Notifications Android T1521 Encrypted Channel Android, iOS T1521.001 Symmetric Cryptography Android, iOS T1521.002 Asymmetric Cryptography Android, iOS T1521.003 SSL Pinning Android, iOS T1532 Archive Collected Data Android, iOS T1533 Data from Local System Android, iOS T1541 Foreground Persistence Android T1544 Ingress Tool Transfer Android, iOS T1575 Native API Android T1577 Compromise Application Executable Android T1582 SMS Control Android T1603 Scheduled Task/Job Android, iOS T1604 Proxy Through Victim Android T1616 Call Control Android T1617 Hooking Android T1623 Command and Scripting Interpreter Android, iOS T1623.001 Unix Shell Android, iOS T1624 Event Triggered Execution Android T1624.001 Broadcast Receivers Android T1625 Hijack Execution Flow Android T1625.001 System Runtime API Hijacking Android T1626 Abuse Elevation Control Mechanism Android T1626.001 Device Administrator Permissions Android T1627 Execution Guardrails Android, iOS T1627.001 Geofencing Android, iOS T1628 Hide Artifacts Android T1628.001 Suppress Application Icon Android T1628.002 User Evasion Android T1628.003 Conceal Multimedia Files Android T1629 Impair Defenses Android T1629.001 Prevent Application Removal Android T1629.002 Device Lockout Android T1629.003 Disable or Modify Tools Android T1630 Indicator Removal on Host iOS, Android T1630.001 Uninstall Malicious Application Android T1630.002 File Deletion Android T1630.003 Disguise Root/Jailbreak Indicators Android, iOS T1631 Process Injection Android, iOS T1631.001 Ptrace System Calls Android, iOS T1632 Subvert Trust Controls Android, iOS T1632.001 Code Signing Policy Modification Android, iOS T1633 Virtualization/Sandbox Evasion Android, iOS T1633.001 System Checks Android, iOS T1634 Credentials from Password Store iOS T1634.001 Keychain iOS T1635 Steal Application Access Token Android, iOS T1635.001 URI Hijacking Android, iOS T1636 Protected User Data Android, iOS T1636.001 Calendar Entries Android, iOS T1636.002 Call Log Android, iOS T1636.003 Contact List Android, iOS T1636.004 SMS Messages Android, iOS T1636.005 Accounts Android, iOS T1637 Dynamic Resolution Android, iOS T1637.001 Domain Generation Algorithms Android, iOS T1638 Adversary-in-the-Middle Android, iOS T1639 Exfiltration Over Alternative Protocol Android, iOS T1639.001 Exfiltration Over Unencrypted Non-C2 Protocol Android, iOS T1640 Account Access Removal Android T1641 Data Manipulation Android T1641.001 Transmitted Data Manipulation Android T1642 Endpoint Denial of Service Android, iOS T1643 Generate Traffic from Victim Android, iOS T1644 Out of Band Data Android, iOS T1645 Compromise Client Software Binary Android, iOS T1646 Exfiltration Over C2 Channel Android, iOS T1655 Masquerading Android, iOS T1655.001 Match Legitimate Name or Location Android, iOS T1658 Exploitation for Client Execution Android, iOS T1660 Phishing Android, iOS T1661 Application Versioning Android, iOS T1662 Data Destruction Android T1663 Remote Access Software Android, iOS T1664 Exploitation for Initial Access Android, iOS T1670 Virtualization Solution Android T1676 Linked Devices Android, iOS

Exports

Structured JSON, CSV, and Navigator-layer export generation will use the normalized reference records after full sync. The current page is intentionally lightweight and source-backed.

Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.

Official MITRE ATT&CK site Official STIX data repository MITRE ATT&CK terms of use