{"description": "Mobile techniques used by DEFENSOR ID, ATT&CK software S0479 (v1.0)", "name": "DEFENSOR ID (S0479)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1437", "showSubtechniques": true}, {"techniqueID": "T1437.001", "comment": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1624", "showSubtechniques": true}, {"techniqueID": "T1624.001", "comment": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1516", "comment": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1513", "comment": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by DEFENSOR ID", "color": "#66b1ff"}]}