MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-objects/objects/ss7-attack/definition.json

373 lines
12 KiB
JSON
Raw Normal View History

add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
{
"attributes": {
"Category": {
"description": "Category",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"sane_default": [
"Cat0",
"Cat1",
"Cat2.1",
"Cat2.2",
"Cat3.1",
"Cat3.2",
"Cat3.3",
"CatSMS",
"CatSpoofing"
],
"ui-priority": 1
},
chg: [ss7-attack] order and newline
2021-09-04 10:19:25 +02:00
"GtAssignee": {
"description": "GT Assignee this is the party that got the GT range assigned by their Regulator.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"GtLessee": {
"description": "GT Lessee is a third party who will use a leased global title from a GT Lessor.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"GtLessor": {
"description": "GT Lessor is a GT Assignee that has decided to lease one or more of their GTs to a third party, the GT Lessee, typically on a commercial basis.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"GtSubLessee": {
"description": "GT Sub-Lessee this is an additional third party who has entered into an agreement with the GT Lessee to sub-lease a GT from them.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapApplicationContext": {
"description": "MAP application context in OID format.",
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"disable_correlation": true,
"misp-attribute": "text",
Modification avec the jq_all_the_things.sh
2022-02-03 10:42:35 +01:00
"sane_default": [
Cleanup ApplicationContext List + Removed versions Versions are managed via the MAP Version field
2022-01-19 18:05:40 +01:00
"4.0.0.1.0.1. - networkLocUp",
"4.0.0.1.0.2. - locationCancel",
"4.0.0.1.0.3. - roamingNbEnquiry",
"4.0.0.1.0.22. - subscriberDataModificationNotification",
"4.0.0.1.0.6. - callControlTransfer",
"4.0.0.1.0.16. - subscriberDataMngt",
"4.0.0.1.0.46. - vcsgLocationUpdate",
"4.0.0.1.0.15. - interVlrInfoRetrieval",
"4.0.0.1.0.18. - networkFunctionalSs",
"4.0.0.1.0.39. - authenticationFailureReport",
"4.0.0.1.0.44. - resourceMngt",
"4.0.0.1.0.41. - shortMsgMT_VGCS_Relay",
"4.0.0.1.0.5. - locInfoRetrieval",
"4.0.0.1.0.32. - gprsLocationUpdate",
"4.0.0.1.0.33. - gprsLocationInfoRetrieval",
"4.0.0.1.0.34. - failureReport",
"4.0.0.1.0.35. - gprsNotify",
"4.0.0.1.0.11. - handoverControl",
"4.0.0.1.0.12. - sIWFSAllocation",
"4.0.0.1.0.47. - vcsgLocationCancel",
"4.0.0.1.0.10. - reset",
"4.0.0.1.0.31. - groupCallControl",
"4.0.0.1.0.13. - equipmentMngt",
"4.0.0.1.0.25. - shortMsgMT_Relay",
"4.0.0.1.0.20. - shortMsgGateway",
"4.0.0.1.0.21. - shortMsgMO_Relay",
"4.0.0.1.0.24. - mwdMngt",
"4.0.0.1.0.23. - shortMsgAlert",
"4.0.0.1.0.17. - tracing",
"4.0.0.1.0.14. - infoRetrieval",
"4.0.0.1.0.26. - imsiRetrieval",
"4.0.0.1.0.19. - networkUnstructuredSs",
"4.0.0.1.0.43. - anyTimeInfoHandling",
"4.0.0.1.0.4. - istAlerting",
"4.0.0.1.0.27. - msPurging",
"4.0.0.1.0.28. - subscriberInfoEnquiry",
"4.0.0.1.0.29. - anyTimeEnquiry",
"4.0.0.1.0.36. - ss_InvocationNotification",
"4.0.0.1.0.7. - reporting",
"4.0.0.1.0.8. - callCompletion",
"4.0.0.1.0.38. - locationSvcEnquiry",
"4.0.0.1.0.45. - groupCallInfoRetrieval",
"4.0.0.1.0.37. - locationSvcGateway",
"4.0.0.1.0.9. - ServiceTermination",
"4.0.0.1.0.42. - mm_EventReporting"
Add MAP application context list, without version
2022-01-11 09:43:03 +01:00
],
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapGmlc": {
"description": "MAP GMLC. Phone number.",
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"misp-attribute": "text",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapGsmscfGT": {
"description": "MAP GSMSCF GT. Phone number.",
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"misp-attribute": "text",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
"MapImsi": {
"description": "MAP IMSI. Phone number starting with MCC/MNC.",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"misp-attribute": "text",
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"multiple": true,
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
"MapMscGT": {
"description": "MAP MSC GT. Phone number.",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"misp-attribute": "text",
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapMsisdn": {
"description": "MAP MSISDN. Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapOpCode": {
"description": "MAP operation codes - Decimal value between 0-99.",
"disable_correlation": true,
"misp-attribute": "text",
Add list of MAP Opcodes (text + number)
2022-01-11 09:49:30 +01:00
"sane_default": [
"updateLocation - 2",
"cancelLocation - 3",
"provideRoamingNumber - 4",
"noteSubscriberDataModified - 5",
"resumeCallHandling - 6",
"insertSubscriberData - 7",
"deleteSubscriberData - 8",
"sendParameters - 9",
"registerSS - 10",
"eraseSS - 11",
"activateSS - 12",
"deactivateSS - 13",
"interrogateSS - 14",
"authenticationFailureReport - 15",
"registerPassword - 17",
"getPassword - 18",
"processUnstructuredSS_Data - 19",
"releaseResources - 20",
"mt_ForwardSM_VGCS - 21",
"sendRoutingInfo - 22",
"updateGprsLocation - 23",
"sendRoutingInfoForGprs - 24",
"failureReport - 25",
"noteMsPresentForGprs - 26",
"performHandover - 28",
"sendEndSignal - 29",
"performSubsequentHandover - 30",
"provideSIWFSNumber - 31",
"siwfs_SignallingModify - 32",
"processAccessSignalling - 33",
"forwardAccessSignalling - 34",
"noteInternalHandover - 35",
"cancelVcsgLocation - 36",
"reset_ - 37",
"forwardCheckSsIndication - 38",
"prepareGroupCall - 39",
"sendGroupCallEndSignal - 40",
"processGroupCallSignalling - 41",
"forwardGroupCallSignalling - 42",
"checkIMEI - 43",
"mt_forwardSM - 44",
"sendRoutingInfoForSM - 45",
"mo_forwardSM - 46",
Add FowardSM for "old" SMS
2022-02-01 17:26:22 +01:00
"forwardSM - 46",
Add list of MAP Opcodes (text + number)
2022-01-11 09:49:30 +01:00
"reportSmDeliveryStatus - 47",
"noteSubscriberPresent - 48",
"alertServiceCentreWithoutResult - 49",
"activateTraceMode - 50",
"deactivateTraceMode - 51",
"traceSubscriberActivity - 52",
"updateVcsgLocation - 53",
"beginSubscriberActivity - 54",
"sendIdentification - 55",
"sendAuthenticationInfo - 56",
"restoreData - 57",
"sendIMSI - 58",
"processUnstructuredSS_Request - 59",
"unstructuredSS_Request - 60",
"unstructuredSS_Notify - 61",
"anyTimeSubscriptionInterrogation - 62",
"informServiceCentre - 63",
"alertServiceCentre - 64",
"anyTimeModification - 65",
"readyForSM - 66",
"purgeMS - 67",
"prepareHandover - 68",
"prepareSubsequentHandover - 69",
"provideSubscriberInfo - 70",
"anyTimeInterrogation - 71",
"ss_Invocation_Notification - 72",
"setReportingState - 73",
"statusReport - 74",
"remoteUserFree - 75",
"registerCC_Entry - 76",
"eraseCC_Entry - 77",
"provideSubscriberLocation - 83",
"sendGroupCallInfo - 84",
"sendRoutingInfoForLCS - 85",
"subscriberLocationReport - 86",
"istAlert - 87",
"istCommand - 88",
"NoteMM_Event - 89"
],
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapSmsTP-DCS": {
"description": "MAP SMS TP-DCS.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
"MapSmsTP-OA": {
"description": "MAP SMS TP-OA. Phone number.",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"misp-attribute": "text",
"ui-priority": 0
Update definition.json Adding the multiple possibility for SMSC GT to cover SMS Spaming case. Also text field for multiple details if needed. Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
2018-01-11 11:52:11 +01:00
},
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"MapSmsTP-PID": {
"description": "MAP SMS TP-PID.",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"disable_correlation": true,
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"misp-attribute": "text",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapSmsText": {
"description": "MAP SMS Text. Important indicators in SMS text.",
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"misp-attribute": "text",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
"MapSmsTypeNumber": {
"description": "MAP SMS TypeNumber.",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"disable_correlation": true,
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"misp-attribute": "text",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapSmscGT": {
"description": "MAP SMSC. Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
"MapUssdCoding": {
"description": "MAP USSD Content.",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"disable_correlation": true,
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"misp-attribute": "text",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"MapUssdContent": {
"description": "MAP USSD Content.",
"misp-attribute": "text",
"ui-priority": 0
},
"MapVersion": {
"description": "Map version.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"1",
"2",
"3"
],
"ui-priority": 0
},
"MapVlrGT": {
"description": "MAP VLR GT. Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT": {
"description": "Signaling Connection Control Part (SCCP) CdGT - Phone number.",
"misp-attribute": "text",
Update definition.json
2022-03-18 12:15:58 +01:00
"multiple": true,
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
},
Add fields related to GT
2022-03-18 12:08:13 +01:00
"SccpCdGT-Country": {
"description": "Country in which SCCP CDGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT-CountryISO2": {
"description": "Code ISO 3166-1 alpha-2 from which the SCCP CDGT is allocated.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT-OperatorName": {
"description": "Operator Name under which the SCCP CDGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT-TADIG": {
"description": "TADIG under which the SCCP CDGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"SccpCdPC": {
"description": "Signaling Connection Control Part (SCCP) CdPC - Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdSSN": {
"description": "Signaling Connection Control Part (SCCP) - Decimal value between 0-255.",
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"disable_correlation": true,
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT": {
"description": "Signaling Connection Control Part (SCCP) CgGT - Phone number.",
"misp-attribute": "text",
Update definition.json Adding the multiple possibility for SMSC GT to cover SMS Spaming case. Also text field for multiple details if needed. Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
2018-01-11 11:52:11 +01:00
"multiple": true,
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"ui-priority": 0
},
Add fields related to GT
2022-03-18 12:08:13 +01:00
"SccpCgGT-Country": {
"description": "Country in which SCCP CGGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT-CountryISO2": {
"description": "Allocated Code ISO 3166-1 alpha-2 for the SCCP CGGT.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT-OperatorName": {
"description": "Operator Name under which the SCCP CGGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT-TADIG": {
"description": "TADIG under which the SCCP CGGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"SccpCgPC": {
"description": "Signaling Connection Control Part (SCCP) CgPC - Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"SccpCgSSN": {
"description": "Signaling Connection Control Part (SCCP) - Decimal value between 0-255.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
},
"first-seen": {
"description": "When the attack has been seen for the first time.",
"disable_correlation": true,
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"misp-attribute": "datetime",
"ui-priority": 0
},
"text": {
"description": "A description of the attack seen via SS7 logging.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
}
},
chg: [ss7/gtp/diameter] used description updated in the README
2022-02-03 17:43:28 +01:00
"description": "SS7 object of an attack as seen on the SS7 signaling protocol supporting GSM/GPRS/UMTS networks.",
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"meta-category": "network",
chg: Sort all the entries in the templates by default
2020-04-26 02:10:02 +02:00
"name": "ss7-attack",
"requiredOneOf": [
"text"
],
add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging.
2018-01-05 16:17:23 +01:00
"uuid": "f3493d8b-a7ab-48d0-a775-046c4d64d782",
Update object version to v5
2022-03-21 15:02:48 +01:00
"version": 5
modified by ./jq_all_the_things.sh
2022-03-21 15:04:26 +01:00
}