From d09681b01135e28430cbc2db0c583712ece704e7 Mon Sep 17 00:00:00 2001 From: Bernardo Santos Date: Tue, 12 Oct 2021 10:45:03 +0200 Subject: [PATCH] CONCORDIA MTMF - Initial version Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/ --- clusters/cmtmf-attack-pattern.json | 1120 ++++++++++++++++++++++++++++ galaxies/cmtmf-attack-pattern.json | 27 + 2 files changed, 1147 insertions(+) create mode 100644 clusters/cmtmf-attack-pattern.json create mode 100644 galaxies/cmtmf-attack-pattern.json diff --git a/clusters/cmtmf-attack-pattern.json b/clusters/cmtmf-attack-pattern.json new file mode 100644 index 00000000..e6a4d0f2 --- /dev/null +++ b/clusters/cmtmf-attack-pattern.json @@ -0,0 +1,1120 @@ +{ + "authors": [ + "Bernardo Santos, OsloMet (Norway)", + "Prof. Dr. Thanh van Do, Telenor Research (Norway)" , + "Luis Barriga, Ericsson AB (Sweden)", + "Prof. Boning Feng, OsloMet (Norway)", + "Van Thuan Do, Wolffia AS (Norway)", + "Bruno Dzogovic, OsloMet (Norway)", + "Niels Jacot, Wolffia AS (Norway)" + ], + "category": "cmmf-attack-pattern", + "description": "A list of Techniques in CONCORDIA Mobile Modelling Framework.", + "name": "CONCORDIA Mobile Modelling Framework - Techniques", + "source": "https://5g4iot.vlab.cs.hioa.no/", + "type": "cmmf-techniques", + "uuid": "53e344f4-fa6c-4d42-9c65-1ffe1e093120", + "values": [ + { + "description": "TBD", + "meta": { + "external_id": "T0001", + "kill_chain": [ + "cmmf-attack:reconnaissance" + ], + }, + "uuid": "92ac46f5-4356-427a-8863-2de3f974713f", + "value": "Active Scanning" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0002", + "kill_chain": [ + "cmmf-attack:reconnaissance" + ], + }, + "uuid": "dd601586-1102-4084-80ad-a6776d8e46b0", + "value": "Gather UE Identity Information" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0003", + "kill_chain": [ + "cmmf-attack:reconnaissance" + ], + }, + "uuid": "f43b9606-aa17-4c51-a26c-6bdba0440e4a", + "value": "Gather UE Network Information" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0004", + "kill_chain": [ + "cmmf-attack:reconnaissance" + ], + }, + "uuid": "668a9ba5-9bd2-4e51-ad7d-0846d992723b", + "value": "Phishing for Information" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0005", + "kill_chain": [ + "cmmf-attack:reconnaissance" + ], + }, + "uuid": "d0140441-ebe0-4508-8572-ab91aa237980", + "value": "Social Media Reports" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0006", + "kill_chain": [ + "cmmf-attack:resource-development" + ], + }, + "uuid": "a0224c49-b049-40eb-8012-e723c76aa841", + "value": "Develop Capabilities" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0007", + "kill_chain": [ + "cmmf-attack:resource-development" + ], + }, + "uuid": "37fc2d12-0e65-4e6c-a55f-0a24f818c6cb", + "value": "Obtain Capabilities" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0008", + "kill_chain": [ + "cmmf-attack:resource-development" + ], + }, + "uuid": "71f1f231-f14b-417d-aa5b-dd0bcb76eefb", + "value": "Stage Capabilities" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0009", + "kill_chain": [ + "cmmf-attack:resource-development" + ], + }, + "uuid": "eb793a3a-ca08-43ea-bf56-da4d06d5f273", + "value": "Compromise Accounts" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0010", + "kill_chain": [ + "cmmf-attack:resource-development" + ], + }, + "uuid": "51060d01-ef29-40ab-8965-8031d0941811", + "value": "Aquire Infrastructure" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0011", + "kill_chain": [ + "cmmf-attack:resource-development" + ], + }, + "uuid": "53e344f4-fa6c-4d42-9c65-1ffe1e093120", + "value": "Compromise Infrastructure" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0012", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "92ac46f5-4356-427a-8863-2de3f974713f", + "value": "Exploit Public-Facing Application" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0013", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "dd601586-1102-4084-80ad-a6776d8e46b0", + "value": "Malicious App from App Store" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0014", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "f43b9606-aa17-4c51-a26c-6bdba0440e4a", + "value": "Malicious App from Third Party" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0015", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "668a9ba5-9bd2-4e51-ad7d-0846d992723b", + "value": "Install Insecure or Malicious Configuration" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0016", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "d0140441-ebe0-4508-8572-ab91aa237980", + "value": "Masquerade as Legitimate Application" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0017", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "a0224c49-b049-40eb-8012-e723c76aa841", + "value": "Exploit via Charging Station or PC" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0018", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "37fc2d12-0e65-4e6c-a55f-0a24f818c6cb", + "value": "Exploit via Radio Interfaces" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0019", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "71f1f231-f14b-417d-aa5b-dd0bcb76eefb", + "value": "Rogue Cellular Base Station" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0020", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "eb793a3a-ca08-43ea-bf56-da4d06d5f273", + "value": "Insider attacks and human errors" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0021", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "2781ceb6-fff9-4e0e-8e58-4c970911f87a", + "value": "Trusted Relationship" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0022", + "kill_chain": [ + "cmmf-attack:initial-access" + ], + }, + "uuid": "fa6f94a8-d5f9-462a-883c-f5e4317a54dd", + "value": "Supply Chain Compromise" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0023", + "kill_chain": [ + "cmmf-attack:execution" + ], + }, + "uuid": "870e8141-ad9a-435e-bf10-835d96348973", + "value": "Native Code" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0024", + "kill_chain": [ + "cmmf-attack:execution" + ], + }, + "uuid": "7ac81844-d442-4d93-b922-59a44ca79454", + "value": "Scheduled Task/Job" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0025", + "kill_chain": [ + "cmmf-attack:execution" + ], + }, + "uuid": "c1cffc56-217e-42cb-8330-49269dde8054", + "value": "Command-Line Interface" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0026", + "kill_chain": [ + "cmmf-attack:execution" + ], + }, + "uuid": "a47e9e97-87f9-450e-84f0-ca628a33d0ce", + "value": "Command and Scripting Interpreter" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0027", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "3b3c1a0b-512c-44a7-93ea-1f64501acb4d", + "value": "Boot or Logon Autostart Execution" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0028", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "2cb0bb08-0ded-410d-b0de-baa5b6e65bf7", + "value": "Foreground Persistence" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0029", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "8f908951-f95f-4c23-bda1-124030df1478", + "value": "Modify Cached Executable Code" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0030", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "5dfc5ad7-ee6b-462b-ad51-4656c2f75003", + "value": "Modify Trusted Execution Environment" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0031", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "387d2448-73de-4d17-a236-1264c7d4b4d5", + "value": "Schedule Task/Job" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0032", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "981fc4a0-f704-42d5-b938-e6d0428177d3", + "value": "Compromise Application Executable" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0033", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "ad487281-8e08-432e-ac8c-1012c1bd15e3", + "value": "Modify OS Kernel or Boot Partition" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0034", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "885fb448-33de-4223-b1ec-1c03a2e2f599", + "value": "Event Triggered Execution" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0035", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "de82ce3e-bbaf-4bbb-aa93-5a67d476c867", + "value": "Spoofed radio network" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0036", + "kill_chain": [ + "cmmf-attack:persistence" + ], + }, + "uuid": "e999a2f8-96cc-41b4-8199-66afc4e19919", + "value": "Infecting network nodes" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0037", + "kill_chain": [ + "cmmf-attack:priviledge-escalation" + ], + }, + "uuid": "7b487a20-faa0-441d-8e31-44d872d12b3d", + "value": "Code Injection" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0038", + "kill_chain": [ + "cmmf-attack:priviledge-escalation" + ], + }, + "uuid": "5ce17e6a-44aa-415a-864e-c7b45409350e", + "value": "Process Injection" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0039", + "kill_chain": [ + "cmmf-attack:priviledge-escalation" + ], + }, + "uuid": "ba7ec530-57d1-42ea-94ce-32922d3a82b8", + "value": "Schedule Task/Job" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0040", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "546cf539-733a-45d2-b112-297e920bdfe5", + "value": "Masquerading" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0041", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "59111ac3-8f51-4974-b72d-51ae64902b3d", + "value": "Disguise Root/Jailbreak Indicators" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0042", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "20b446a7-214f-4709-80d3-6c1426b57a00", + "value": "Evade Analysis Environment" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0043", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "2ce9d395-501f-4b7c-9106-14ac33c27765", + "value": "Modify Trusted Execution Environment" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0044", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "2e04955b-296a-43cd-8994-ccd7ae882230", + "value": "Obfuscated Files or Information" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0045", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "9b6de21d-8583-4efd-bcbc-3aa66b9dbf68", + "value": "Suppress Application Icon" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0046", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "d166bb9a-63d0-4555-a571-eeaef97a39d1", + "value": "Uninstall Malicious Application" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0047", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "173d8221-a5b4-4efa-b3aa-902c6e7b7ead", + "value": "Install Insecure or Malicious Configuration" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0048", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "a0ffe349-849b-4c6e-9f4c-10eef819d124", + "value": "Geofencing" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0049", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "8b204308-e643-4fdb-a337-92d372bd917a", + "value": "Shutdown Remote Device" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0050", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "f301abc6-6590-4ab2-93ef-d8ca435179c4", + "value": "Exploitation for Defense Evasion" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0051", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "cf685f28-fc43-4cf6-b91c-9dbcc42ddc02", + "value": "Security Audit Camouflage" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0052", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "30e03f2f-ae68-436f-b677-e41457def8ac", + "value": "Overload Avoidance" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0053", + "kill_chain": [ + "cmmf-attack:defense-evasion" + ], + }, + "uuid": "36d3aadd-48e6-49e3-89b7-894074179059", + "value": "Traffic Distribution" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0054", + "kill_chain": [ + "cmmf-attack:credential-access" + ], + }, + "uuid": "e26c80cd-6c94-4a17-bef6-272d5fdeec0d", + "value": "URI Hijacking" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0055", + "kill_chain": [ + "cmmf-attack:credential-access" + ], + }, + "uuid": "c32c2fb2-056d-4b4f-a44d-1728858f6aeb", + "value": "Access Sensitive Data in Device Logs" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0056", + "kill_chain": [ + "cmmf-attack:credential-access" + ], + }, + "uuid": "eed66957-03d7-472e-bfce-7fbc833295af", + "value": "Modify Authentication Process" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0057", + "kill_chain": [ + "cmmf-attack:credential-access" + ], + }, + "uuid": "5f26a03f-b603-46b1-a8ee-91eb02023059", + "value": "Forced Authentication" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0058", + "kill_chain": [ + "cmmf-attack:discovery" + ], + }, + "uuid": "941608a1-3058-465f-91f0-ee4f2a40f81e", + "value": "System Network Connections Discovery" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0059", + "kill_chain": [ + "cmmf-attack:discovery" + ], + }, + "uuid": "6e9807b1-2505-4ebe-a6f9-3348d3d60a2c", + "value": "UE knocking" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0060", + "kill_chain": [ + "cmmf-attack:discovery" + ], + }, + "uuid": "eb40555d-aa7b-42d3-b998-b613460818b1", + "value": "Internal Resource Search" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0061", + "kill_chain": [ + "cmmf-attack:discovery" + ], + }, + "uuid": "0753376d-1027-451a-b398-35e2700722d4", + "value": "Network Sniffing" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0062", + "kill_chain": [ + "cmmf-attack:lateral-movement" + ], + }, + "uuid": "c026638d-2c10-45f2-a52b-3c82e06f3355", + "value": "Rogue Cellular Base Station" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0063", + "kill_chain": [ + "cmmf-attack:lateral-movement" + ], + }, + "uuid": "3a40f88e-bcf8-4b6e-919f-229ee48b5a1a", + "value": "Abusing Inter-working Functionalities" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0064", + "kill_chain": [ + "cmmf-attack:lateral-movement" + ], + }, + "uuid": "5210f87e-7111-4f42-a941-de7649378670", + "value": "Replication Through SMS" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0065", + "kill_chain": [ + "cmmf-attack:lateral-movement" + ], + }, + "uuid": "ef3eb056-73fa-405b-aa8c-f1777454c1c5", + "value": "Replication Through Bluetooth" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0066", + "kill_chain": [ + "cmmf-attack:lateral-movement" + ], + }, + "uuid": "87ced388-2de0-4a71-b4b7-18de07d7aab7", + "value": "Replication Through WLAN" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0067", + "kill_chain": [ + "cmmf-attack:lateral-movement" + ], + }, + "uuid": "c27db767-e8fa-4ff6-afe2-2b311bf6401d", + "value": "Replication Through IP" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0068", + "kill_chain": [ + "cmmf-attack:lateral-movement" + ], + }, + "uuid": "063e1ff2-0af8-4431-b886-83463c5880a8", + "value": "Exploit platform & service specific vulnerabilites" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0069", + "kill_chain": [ + "cmmf-attack:collection" + ], + }, + "uuid": "2b5fd58f-09b6-4af9-a3d5-21e65617bf6f", + "value": "Access Sensitive Data in Device Logs" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0070", + "kill_chain": [ + "cmmf-attack:collection" + ], + }, + "uuid": "831eb5b3-bcd9-4a1e-b587-bc0b4dc42059", + "value": "Network Traffic Capture or Redirection" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0071", + "kill_chain": [ + "cmmf-attack:collection" + ], + }, + "uuid": "39aff570-7266-40d3-975e-a63838404a67", + "value": "Network-specific identifiers" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0072", + "kill_chain": [ + "cmmf-attack:collection" + ], + }, + "uuid": "b706e308-6c75-457f-9d9f-fff37c60e1db", + "value": "Network-specific data" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0073", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "17983470-8ddb-47d2-9675-e25371a1b1ad", + "value": "Application Layer Protocol" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0074", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "0e114cd1-0f0e-4d5d-88e6-e7e31bb6040f", + "value": "Communication via SMS" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0075", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "6581316b-abab-4791-8821-92837688ec7f", + "value": "Communication via Bluetooth" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0076", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "99743297-6bd4-467e-8fca-841b43c88dd2", + "value": "Communication via WLAN" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0077", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "284abb74-49be-4a51-85a0-a1f68286bca7", + "value": "Exploit SS7 to Redirect Phone Calls/SMS" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0078", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "e6e16b6f-c692-4b21-8eb0-6c2890d6e28a", + "value": "Exploit SS7 to Track Device Location" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0079", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "85e2973b-8b37-4811-9406-f0c4db9fe44d", + "value": "SS7-based attacks" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0080", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "89005def-29bc-44cf-8002-e781b1596b1f", + "value": "Diameter-based attacks" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0081", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "3d4c4144-9a7e-4e92-9a10-731a31013628", + "value": "GTP-based attacks" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0082", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "47a84cf2-839e-4ff1-9de5-ee3314a5e173", + "value": "NAS-based attacks" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0083", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "c474ff9d-92e5-47c3-af19-4fcb85827fa1", + "value": "MEC-based attacks" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0084", + "kill_chain": [ + "cmmf-attack:command-and-control" + ], + }, + "uuid": "3f76efaa-8881-4dab-ae50-d298206301ab", + "value": "Network Slice" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0085", + "kill_chain": [ + "cmmf-attack:exfiltration" + ], + }, + "uuid": "670cd16f-50a3-4fd3-8ca5-31bfaa1fd5ff", + "value": "Automated Exfiltration" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0086", + "kill_chain": [ + "cmmf-attack:exfiltration" + ], + }, + "uuid": "d5f814f7-a53c-4747-b780-bd8e43364648", + "value": "Data Encrypted" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0087", + "kill_chain": [ + "cmmf-attack:exfiltration" + ], + }, + "uuid": "ab3f1c6a-2b14-44e4-b27b-3b482204977f", + "value": "Alternate Network Mediums" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0088", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "ae23f6b2-5c3a-4d0c-9fd7-cacffcc0f08b", + "value": "Data Manipulation" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0089", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "b82d3bbc-7fa0-4e48-8075-76bc22f80503", + "value": "Endpoint Denial of Service" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0090", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "ba42942b-7f37-4ff2-8fc8-0b640add131e", + "value": "Carrier Billing Fraud" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0091", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "8f9ca72c-757c-4691-a779-921605c88a46", + "value": "SMS Fraud" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0092", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "73b37857-106b-40cc-b539-00fe1b8aefe3", + "value": "Manipulate Device Communication" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0093", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "b4682597-2daf-4ab2-b333-6af83de0771b", + "value": "Jamming or Denial of Service" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0094", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "93ead55c-9397-4a5b-aa37-2bf93fa9e1d0", + "value": "Rogue Cellular Base Station" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0095", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "9df725d7-fe97-42da-9be8-da248393a5fa", + "value": "Location Tracking" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0096", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "7d89bb73-00e6-436c-96d6-f444b8f2ac15", + "value": "Identity Exploit" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0097", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "1ca0fa6e-0484-4e4f-a10e-857225bd4819", + "value": "Network Denial of Service" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0098", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "0b6e114b-2ded-4bc5-84d2-25cc81e8724a", + "value": "Resource Hijacking" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0099", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "939f6c9d-bdb4-4877-89f0-716e346ef012", + "value": "SLA Breach" + }, + { + "description": "TBD", + "meta": { + "external_id": "T0100", + "kill_chain": [ + "cmmf-attack:impact" + ], + }, + "uuid": "75c4e3c7-8501-446d-b362-4134d035f7fa", + "value": "Customer Churn" + }, + ], + "version": 1 +} diff --git a/galaxies/cmtmf-attack-pattern.json b/galaxies/cmtmf-attack-pattern.json new file mode 100644 index 00000000..0f9cc824 --- /dev/null +++ b/galaxies/cmtmf-attack-pattern.json @@ -0,0 +1,27 @@ +{ + "description": "CONCORDIA Mobile Modeling Framework - Tactics", + "icon": "", + "kill_chain_order": { + "cmmf-attack": [ + "reconnaissance", + "resource-development" + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "command-and-control", + "exfiltration", + "impact" + ] + }, + "name": "CONCORDIA Mobile Modelling Framework - Attack Pattern", + "namespace": "cmmf-attack", + "type": "cmmf-attack-pattern", + "uuid": "51060d01-ef29-40ab-8965-8031d0941811", + "version": 1 +}