mirror of https://github.com/MISP/misp-galaxy
1051 lines
25 KiB
JSON
1051 lines
25 KiB
JSON
{
|
|
"authors": [
|
|
"Bernardo Santos, OsloMet (Norway)",
|
|
"Prof. Dr. Thanh van Do, Telenor Research (Norway)",
|
|
"Luis Barriga, Ericsson AB (Sweden)",
|
|
"Prof. Boning Feng, OsloMet (Norway)",
|
|
"Van Thuan Do, Wolffia AS (Norway)",
|
|
"Bruno Dzogovic, OsloMet (Norway)",
|
|
"Niels Jacot, Wolffia AS (Norway)"
|
|
],
|
|
"category": "cmtmf-attack-pattern",
|
|
"description": "A list of Techniques in CONCORDIA Mobile Modelling Framework.",
|
|
"name": "CONCORDIA Mobile Modelling Framework - Attack Pattern",
|
|
"source": "https://5g4iot.vlab.cs.hioa.no/",
|
|
"type": "cmtmf-attack-pattern",
|
|
"uuid": "53e344f4-fa6c-4d42-9c65-1ffe1e093120",
|
|
"values": [
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0001",
|
|
"kill_chain": [
|
|
"cmtmf-attack:reconnaissance"
|
|
]
|
|
},
|
|
"uuid": "92ac46f5-4356-427a-8863-2de3f974713f",
|
|
"value": "Active Scanning"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0002",
|
|
"kill_chain": [
|
|
"cmtmf-attack:reconnaissance"
|
|
]
|
|
},
|
|
"uuid": "dd601586-1102-4084-80ad-a6776d8e46b0",
|
|
"value": "Gather UE Identity Information"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0003",
|
|
"kill_chain": [
|
|
"cmtmf-attack:reconnaissance"
|
|
]
|
|
},
|
|
"uuid": "f43b9606-aa17-4c51-a26c-6bdba0440e4a",
|
|
"value": "Gather UE Network Information"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0004",
|
|
"kill_chain": [
|
|
"cmtmf-attack:reconnaissance"
|
|
]
|
|
},
|
|
"uuid": "668a9ba5-9bd2-4e51-ad7d-0846d992723b",
|
|
"value": "Phishing for Information"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0005",
|
|
"kill_chain": [
|
|
"cmtmf-attack:reconnaissance"
|
|
]
|
|
},
|
|
"uuid": "d3dbe9e4-bfad-4886-a298-cbecd9bdc9a3",
|
|
"value": "Social Media Reports"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0006",
|
|
"kill_chain": [
|
|
"cmtmf-attack:resource-development"
|
|
]
|
|
},
|
|
"uuid": "a0224c49-b049-40eb-8012-e723c76aa841",
|
|
"value": "Develop Capabilities"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0007",
|
|
"kill_chain": [
|
|
"cmtmf-attack:resource-development"
|
|
]
|
|
},
|
|
"uuid": "b1d24ed5-af46-4838-a54f-7567fdf437fc",
|
|
"value": "Obtain Capabilities"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0008",
|
|
"kill_chain": [
|
|
"cmtmf-attack:resource-development"
|
|
]
|
|
},
|
|
"uuid": "71f1f231-f14b-417d-aa5b-dd0bcb76eefb",
|
|
"value": "Stage Capabilities"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0009",
|
|
"kill_chain": [
|
|
"cmtmf-attack:resource-development"
|
|
]
|
|
},
|
|
"uuid": "46a8305c-6073-406b-a902-990905d4300c",
|
|
"value": "Compromise Accounts"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0010",
|
|
"kill_chain": [
|
|
"cmtmf-attack:resource-development"
|
|
]
|
|
},
|
|
"uuid": "51060d01-ef29-40ab-8965-8031d0941811",
|
|
"value": "Acquire Infrastructure"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0011",
|
|
"kill_chain": [
|
|
"cmtmf-attack:resource-development"
|
|
]
|
|
},
|
|
"uuid": "be14c9e0-676b-4582-b30b-8488b24200f5",
|
|
"value": "Compromise Infrastructure"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0012",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "5551a98b-2219-43eb-bcb2-1039e308cf5a",
|
|
"value": "Exploit Public-Facing Application"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0013",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "609aaf42-536c-414d-bee0-4a4e6448e50c",
|
|
"value": "Malicious App from App Store"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0014",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "837cf59f-7dab-4c56-84dd-8ceb9d47debc",
|
|
"value": "Malicious App from Third Party"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0016",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "d0140441-ebe0-4508-8572-ab91aa237980",
|
|
"value": "Masquerade as Legitimate Application"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0017",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "cddeb25f-984e-4f88-99d3-1b8ac235b236",
|
|
"value": "Exploit via Charging Station or PC"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0018",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "37fc2d12-0e65-4e6c-a55f-0a24f818c6cb",
|
|
"value": "Exploit via Radio Interfaces"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0019",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact",
|
|
"cmtmf-attack:initial-access",
|
|
"cmtmf-attack:lateral-movement"
|
|
]
|
|
},
|
|
"uuid": "859312e9-6257-4b8c-be7c-11558850d802",
|
|
"value": "Rogue Cellular Base Station"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0020",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "eb793a3a-ca08-43ea-bf56-da4d06d5f273",
|
|
"value": "Insider attacks and human errors"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0021",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "2781ceb6-fff9-4e0e-8e58-4c970911f87a",
|
|
"value": "Trusted Relationship"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0022",
|
|
"kill_chain": [
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "fa6f94a8-d5f9-462a-883c-f5e4317a54dd",
|
|
"value": "Supply Chain Compromise"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0023",
|
|
"kill_chain": [
|
|
"cmtmf-attack:execution"
|
|
]
|
|
},
|
|
"uuid": "870e8141-ad9a-435e-bf10-835d96348973",
|
|
"value": "Native Code"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0024",
|
|
"kill_chain": [
|
|
"cmtmf-attack:execution",
|
|
"cmtmf-attack:privilege-escalation",
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "7ac81844-d442-4d93-b922-59a44ca79454",
|
|
"value": "Scheduled Task/Job"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0025",
|
|
"kill_chain": [
|
|
"cmtmf-attack:execution"
|
|
]
|
|
},
|
|
"uuid": "c1cffc56-217e-42cb-8330-49269dde8054",
|
|
"value": "Command-Line Interface"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0026",
|
|
"kill_chain": [
|
|
"cmtmf-attack:execution"
|
|
]
|
|
},
|
|
"uuid": "a47e9e97-87f9-450e-84f0-ca628a33d0ce",
|
|
"value": "Command and Scripting Interpreter"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0027",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "3b3c1a0b-512c-44a7-93ea-1f64501acb4d",
|
|
"value": "Boot or Logon Autostart Execution"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0028",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "2cb0bb08-0ded-410d-b0de-baa5b6e65bf7",
|
|
"value": "Foreground Persistence"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0029",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "8f908951-f95f-4c23-bda1-124030df1478",
|
|
"value": "Modify Cached Executable Code"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0032",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "981fc4a0-f704-42d5-b938-e6d0428177d3",
|
|
"value": "Compromise Application Executable"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0033",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "ad487281-8e08-432e-ac8c-1012c1bd15e3",
|
|
"value": "Modify OS Kernel or Boot Partition"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0034",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "885fb448-33de-4223-b1ec-1c03a2e2f599",
|
|
"value": "Event Triggered Execution"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0035",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "de82ce3e-bbaf-4bbb-aa93-5a67d476c867",
|
|
"value": "Spoofed radio network"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0036",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence"
|
|
]
|
|
},
|
|
"uuid": "e999a2f8-96cc-41b4-8199-66afc4e19919",
|
|
"value": "Infecting network nodes"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0037",
|
|
"kill_chain": [
|
|
"cmtmf-attack:privilege-escalation"
|
|
]
|
|
},
|
|
"uuid": "7b487a20-faa0-441d-8e31-44d872d12b3d",
|
|
"value": "Code Injection"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0038",
|
|
"kill_chain": [
|
|
"cmtmf-attack:privilege-escalation"
|
|
]
|
|
},
|
|
"uuid": "5ce17e6a-44aa-415a-864e-c7b45409350e",
|
|
"value": "Process Injection"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0040",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "546cf539-733a-45d2-b112-297e920bdfe5",
|
|
"value": "Masquerading"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0041",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "59111ac3-8f51-4974-b72d-51ae64902b3d",
|
|
"value": "Disguise Root/Jailbreak Indicators"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0042",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "20b446a7-214f-4709-80d3-6c1426b57a00",
|
|
"value": "Evade Analysis Environment"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0043",
|
|
"kill_chain": [
|
|
"cmtmf-attack:persistence",
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "2ce9d395-501f-4b7c-9106-14ac33c27765",
|
|
"value": "Modify Trusted Execution Environment"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0044",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "2e04955b-296a-43cd-8994-ccd7ae882230",
|
|
"value": "Obfuscated Files or Information"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0045",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "9b6de21d-8583-4efd-bcbc-3aa66b9dbf68",
|
|
"value": "Suppress Application Icon"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0046",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "d166bb9a-63d0-4555-a571-eeaef97a39d1",
|
|
"value": "Uninstall Malicious Application"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0047",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion",
|
|
"cmtmf-attack:initial-access"
|
|
]
|
|
},
|
|
"uuid": "173d8221-a5b4-4efa-b3aa-902c6e7b7ead",
|
|
"value": "Install Insecure or Malicious Configuration"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0048",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "a0ffe349-849b-4c6e-9f4c-10eef819d124",
|
|
"value": "Geofencing"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0049",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "8b204308-e643-4fdb-a337-92d372bd917a",
|
|
"value": "Shutdown Remote Device"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0050",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "f301abc6-6590-4ab2-93ef-d8ca435179c4",
|
|
"value": "Exploitation for Defense Evasion"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0051",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "cf685f28-fc43-4cf6-b91c-9dbcc42ddc02",
|
|
"value": "Security Audit Camouflage"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0052",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "30e03f2f-ae68-436f-b677-e41457def8ac",
|
|
"value": "Overload Avoidance"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0053",
|
|
"kill_chain": [
|
|
"cmtmf-attack:defense-evasion"
|
|
]
|
|
},
|
|
"uuid": "36d3aadd-48e6-49e3-89b7-894074179059",
|
|
"value": "Traffic Distribution"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0054",
|
|
"kill_chain": [
|
|
"cmtmf-attack:credential-access"
|
|
]
|
|
},
|
|
"uuid": "e26c80cd-6c94-4a17-bef6-272d5fdeec0d",
|
|
"value": "URI Hijacking"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0056",
|
|
"kill_chain": [
|
|
"cmtmf-attack:credential-access"
|
|
]
|
|
},
|
|
"uuid": "eed66957-03d7-472e-bfce-7fbc833295af",
|
|
"value": "Modify Authentication Process"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0057",
|
|
"kill_chain": [
|
|
"cmtmf-attack:credential-access"
|
|
]
|
|
},
|
|
"uuid": "5f26a03f-b603-46b1-a8ee-91eb02023059",
|
|
"value": "Forced Authentication"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0058",
|
|
"kill_chain": [
|
|
"cmtmf-attack:discovery"
|
|
]
|
|
},
|
|
"uuid": "941608a1-3058-465f-91f0-ee4f2a40f81e",
|
|
"value": "System Network Connections Discovery"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0059",
|
|
"kill_chain": [
|
|
"cmtmf-attack:discovery"
|
|
]
|
|
},
|
|
"uuid": "6e9807b1-2505-4ebe-a6f9-3348d3d60a2c",
|
|
"value": "UE knocking"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0060",
|
|
"kill_chain": [
|
|
"cmtmf-attack:discovery"
|
|
]
|
|
},
|
|
"uuid": "eb40555d-aa7b-42d3-b998-b613460818b1",
|
|
"value": "Internal Resource Search"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0061",
|
|
"kill_chain": [
|
|
"cmtmf-attack:discovery"
|
|
]
|
|
},
|
|
"uuid": "0753376d-1027-451a-b398-35e2700722d4",
|
|
"value": "Network Sniffing"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0063",
|
|
"kill_chain": [
|
|
"cmtmf-attack:lateral-movement"
|
|
]
|
|
},
|
|
"uuid": "3a40f88e-bcf8-4b6e-919f-229ee48b5a1a",
|
|
"value": "Abusing Inter-working Functionalities"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0064",
|
|
"kill_chain": [
|
|
"cmtmf-attack:lateral-movement"
|
|
]
|
|
},
|
|
"uuid": "5210f87e-7111-4f42-a941-de7649378670",
|
|
"value": "Replication Through SMS"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0065",
|
|
"kill_chain": [
|
|
"cmtmf-attack:lateral-movement"
|
|
]
|
|
},
|
|
"uuid": "ef3eb056-73fa-405b-aa8c-f1777454c1c5",
|
|
"value": "Replication Through Bluetooth"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0066",
|
|
"kill_chain": [
|
|
"cmtmf-attack:lateral-movement"
|
|
]
|
|
},
|
|
"uuid": "87ced388-2de0-4a71-b4b7-18de07d7aab7",
|
|
"value": "Replication Through WLAN"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0067",
|
|
"kill_chain": [
|
|
"cmtmf-attack:lateral-movement"
|
|
]
|
|
},
|
|
"uuid": "c27db767-e8fa-4ff6-afe2-2b311bf6401d",
|
|
"value": "Replication Through IP"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0068",
|
|
"kill_chain": [
|
|
"cmtmf-attack:lateral-movement"
|
|
]
|
|
},
|
|
"uuid": "063e1ff2-0af8-4431-b886-83463c5880a8",
|
|
"value": "Exploit platform & service specific vulnerabilites"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0069",
|
|
"kill_chain": [
|
|
"cmtmf-attack:collection",
|
|
"cmtmf-attack:credential-access"
|
|
]
|
|
},
|
|
"uuid": "2b5fd58f-09b6-4af9-a3d5-21e65617bf6f",
|
|
"value": "Access Sensitive Data in Device Logs"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0070",
|
|
"kill_chain": [
|
|
"cmtmf-attack:collection"
|
|
]
|
|
},
|
|
"uuid": "831eb5b3-bcd9-4a1e-b587-bc0b4dc42059",
|
|
"value": "Network Traffic Capture or Redirection"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0071",
|
|
"kill_chain": [
|
|
"cmtmf-attack:collection"
|
|
]
|
|
},
|
|
"uuid": "39aff570-7266-40d3-975e-a63838404a67",
|
|
"value": "Network-specific identifiers"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0072",
|
|
"kill_chain": [
|
|
"cmtmf-attack:collection"
|
|
]
|
|
},
|
|
"uuid": "b706e308-6c75-457f-9d9f-fff37c60e1db",
|
|
"value": "Network-specific data"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0073",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "17983470-8ddb-47d2-9675-e25371a1b1ad",
|
|
"value": "Application Layer Protocol"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0074",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "0e114cd1-0f0e-4d5d-88e6-e7e31bb6040f",
|
|
"value": "Communication via SMS"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0075",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "6581316b-abab-4791-8821-92837688ec7f",
|
|
"value": "Communication via Bluetooth"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0076",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "99743297-6bd4-467e-8fca-841b43c88dd2",
|
|
"value": "Communication via WLAN"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0077",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "284abb74-49be-4a51-85a0-a1f68286bca7",
|
|
"value": "Exploit SS7 to Redirect Phone Calls/SMS"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0078",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "e6e16b6f-c692-4b21-8eb0-6c2890d6e28a",
|
|
"value": "Exploit SS7 to Track Device Location"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0079",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "85e2973b-8b37-4811-9406-f0c4db9fe44d",
|
|
"value": "SS7-based attacks"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0080",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "89005def-29bc-44cf-8002-e781b1596b1f",
|
|
"value": "Diameter-based attacks"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0081",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "3d4c4144-9a7e-4e92-9a10-731a31013628",
|
|
"value": "GTP-based attacks"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0082",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "47a84cf2-839e-4ff1-9de5-ee3314a5e173",
|
|
"value": "NAS-based attacks"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0083",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "c474ff9d-92e5-47c3-af19-4fcb85827fa1",
|
|
"value": "MEC-based attacks"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0084",
|
|
"kill_chain": [
|
|
"cmtmf-attack:command-and-control"
|
|
]
|
|
},
|
|
"uuid": "3f76efaa-8881-4dab-ae50-d298206301ab",
|
|
"value": "Network Slice"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0085",
|
|
"kill_chain": [
|
|
"cmtmf-attack:exfiltration"
|
|
]
|
|
},
|
|
"uuid": "670cd16f-50a3-4fd3-8ca5-31bfaa1fd5ff",
|
|
"value": "Automated Exfiltration"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0086",
|
|
"kill_chain": [
|
|
"cmtmf-attack:exfiltration"
|
|
]
|
|
},
|
|
"uuid": "d5f814f7-a53c-4747-b780-bd8e43364648",
|
|
"value": "Data Encrypted"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0087",
|
|
"kill_chain": [
|
|
"cmtmf-attack:exfiltration"
|
|
]
|
|
},
|
|
"uuid": "ab3f1c6a-2b14-44e4-b27b-3b482204977f",
|
|
"value": "Alternate Network Mediums"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0088",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "ae23f6b2-5c3a-4d0c-9fd7-cacffcc0f08b",
|
|
"value": "Data Manipulation"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0089",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "b82d3bbc-7fa0-4e48-8075-76bc22f80503",
|
|
"value": "Endpoint Denial of Service"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0090",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "ba42942b-7f37-4ff2-8fc8-0b640add131e",
|
|
"value": "Carrier Billing Fraud"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0091",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "8f9ca72c-757c-4691-a779-921605c88a46",
|
|
"value": "SMS Fraud"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0092",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "73b37857-106b-40cc-b539-00fe1b8aefe3",
|
|
"value": "Manipulate Device Communication"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0093",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "b4682597-2daf-4ab2-b333-6af83de0771b",
|
|
"value": "Jamming or Denial of Service"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0095",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "9df725d7-fe97-42da-9be8-da248393a5fa",
|
|
"value": "Location Tracking"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0096",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "7d89bb73-00e6-436c-96d6-f444b8f2ac15",
|
|
"value": "Identity Exploit"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0097",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "1ca0fa6e-0484-4e4f-a10e-857225bd4819",
|
|
"value": "Network Denial of Service"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0098",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "0b6e114b-2ded-4bc5-84d2-25cc81e8724a",
|
|
"value": "Resource Hijacking"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0099",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "939f6c9d-bdb4-4877-89f0-716e346ef012",
|
|
"value": "SLA Breach"
|
|
},
|
|
{
|
|
"description": "TBD",
|
|
"meta": {
|
|
"external_id": "T0100",
|
|
"kill_chain": [
|
|
"cmtmf-attack:impact"
|
|
]
|
|
},
|
|
"uuid": "75c4e3c7-8501-446d-b362-4134d035f7fa",
|
|
"value": "Customer Churn"
|
|
}
|
|
],
|
|
"version": 6
|
|
}
|