2018-01-05 13:37:54 +01:00
|
|
|
{
|
|
|
|
"attributes": {
|
|
|
|
"GtpImei": {
|
|
|
|
"description": "GTP IMEI (International Mobile Equipment Identity).",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"GtpImsi": {
|
|
|
|
"description": "GTP IMSI (International mobile subscriber identity).",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"GtpInterface": {
|
|
|
|
"description": "GTP interface.",
|
2020-04-26 02:10:02 +02:00
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true,
|
2018-01-05 13:37:54 +01:00
|
|
|
"sane_default": [
|
|
|
|
"S5",
|
|
|
|
"S11",
|
|
|
|
"S10",
|
2018-01-05 14:26:28 +01:00
|
|
|
"S8",
|
|
|
|
"Gn",
|
|
|
|
"Gp"
|
2018-01-05 13:37:54 +01:00
|
|
|
],
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"GtpMessageType": {
|
|
|
|
"description": "GTP defines a set of messages between two associated GSNs or an SGSN and an RNC. Message type is described as a decimal value.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"GtpMsisdn": {
|
|
|
|
"description": "GTP MSISDN.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"GtpServingNetwork": {
|
|
|
|
"description": "GTP Serving Network.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"GtpVersion": {
|
|
|
|
"description": "GTP version",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"sane_default": [
|
|
|
|
"0",
|
|
|
|
"1",
|
|
|
|
"2"
|
|
|
|
],
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
2018-01-05 13:37:54 +01:00
|
|
|
"PortDest": {
|
|
|
|
"description": "Destination port.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"PortSrc": {
|
|
|
|
"description": "Source port.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "port",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"first-seen": {
|
|
|
|
"description": "When the attack has been seen for the first time.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
2018-01-05 13:37:54 +01:00
|
|
|
"ipDest": {
|
|
|
|
"description": "IP destination address.",
|
|
|
|
"misp-attribute": "ip-dst",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"ipSrc": {
|
|
|
|
"description": "IP source address.",
|
|
|
|
"misp-attribute": "ip-src",
|
|
|
|
"ui-priority": 0
|
|
|
|
},
|
|
|
|
"text": {
|
|
|
|
"description": "A description of the GTP attack.",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 0
|
2018-01-05 13:37:54 +01:00
|
|
|
}
|
|
|
|
},
|
2022-02-03 17:43:28 +01:00
|
|
|
"description": "GTP attack object as attack as seen on the GTP signaling protocol supporting GPRS/LTE networks.",
|
2018-01-05 13:37:54 +01:00
|
|
|
"meta-category": "network",
|
2020-04-26 02:10:02 +02:00
|
|
|
"name": "gtp-attack",
|
|
|
|
"requiredOneOf": [
|
|
|
|
"text"
|
|
|
|
],
|
2018-01-05 13:37:54 +01:00
|
|
|
"uuid": "6b3c48d2-0ca6-4608-9c36-455105439145",
|
2022-02-03 17:43:28 +01:00
|
|
|
"version": 4
|
|
|
|
}
|