MITRE ATT&CK® Matrix

Mobile ATT&CK Matrix

A Glexia-styled visualization of ATT&CK tactics and techniques. This is not the MITRE Navigator UI and does not imply MITRE endorsement.

TA0035

Collection

24 techniques

TA0037

Command and Control

17 techniques

T1437 Application Layer Protocol Android, iOS T1437.001 Web Protocols Android, iOS T1481 Web Service Android, iOS T1481.001 Dead Drop Resolver Android, iOS T1481.002 Bidirectional Communication Android, iOS T1481.003 One-Way Communication Android, iOS T1509 Non-Standard Port Android, iOS T1521 Encrypted Channel Android, iOS T1521.001 Symmetric Cryptography Android, iOS T1521.002 Asymmetric Cryptography Android, iOS T1521.003 SSL Pinning Android, iOS T1544 Ingress Tool Transfer Android, iOS T1616 Call Control Android T1637 Dynamic Resolution Android, iOS T1637.001 Domain Generation Algorithms Android, iOS T1644 Out of Band Data Android, iOS T1663 Remote Access Software Android, iOS

TA0031

Credential Access

10 techniques

T1414 Clipboard Data Android, iOS T1417 Input Capture Android, iOS T1417.001 Keylogging Android, iOS T1417.002 GUI Input Capture Android, iOS T1453 Abuse Accessibility Features Android T1517 Access Notifications Android T1634 Credentials from Password Store iOS T1634.001 Keychain iOS T1635 Steal Application Access Token Android, iOS T1635.001 URI Hijacking Android, iOS

TA0030

Defense Evasion

33 techniques

TA0032

Discovery

13 techniques

TA0041

Execution

5 techniques

T1575 Native API Android T1603 Scheduled Task/Job Android, iOS T1623 Command and Scripting Interpreter Android, iOS T1623.001 Unix Shell Android, iOS T1658 Exploitation for Client Execution Android, iOS

TA0036

Exfiltration

3 techniques

T1639 Exfiltration Over Alternative Protocol Android, iOS T1639.001 Exfiltration Over Unencrypted Non-C2 Protocol Android, iOS T1646 Exfiltration Over C2 Channel Android, iOS

TA0034

Impact

11 techniques

T1464 Network Denial of Service Android, iOS T1471 Data Encrypted for Impact Android T1516 Input Injection Android T1582 SMS Control Android T1616 Call Control Android T1640 Account Access Removal Android T1641 Data Manipulation Android T1641.001 Transmitted Data Manipulation Android T1642 Endpoint Denial of Service Android, iOS T1643 Generate Traffic from Victim Android, iOS T1662 Data Destruction Android

TA0027

Initial Access

11 techniques

TA0033

Lateral Movement

2 techniques

T1428 Exploitation of Remote Services Android, iOS T1458 Replication Through Removable Media Android, iOS

TA0028

Persistence

10 techniques

T1398 Boot or Logon Initialization Scripts Android, iOS T1541 Foreground Persistence Android T1577 Compromise Application Executable Android T1603 Scheduled Task/Job Android, iOS T1624 Event Triggered Execution Android T1624.001 Broadcast Receivers Android T1625 Hijack Execution Flow Android T1625.001 System Runtime API Hijacking Android T1645 Compromise Client Software Binary Android, iOS T1676 Linked Devices Android, iOS

TA0029

Privilege Escalation

5 techniques

T1404 Exploitation for Privilege Escalation Android, iOS T1626 Abuse Elevation Control Mechanism Android T1626.001 Device Administrator Permissions Android T1631 Process Injection Android, iOS T1631.001 Ptrace System Calls Android, iOS

Exports

Structured JSON, CSV, and Navigator-layer export generation will use the normalized reference records after full sync. The current page is intentionally lightweight and source-backed.

Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.

Official MITRE ATT&CK site Official STIX data repository MITRE ATT&CK terms of use

Mobile ATT&CK Matrix

124 techniques and sub-techniques mapped across 12 tactics

Exports