new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools

The object has been created to show the flexibility of the object template during the PassTheSalt 2019 conference and the D4 presentation.
2019-07-02 10:19:54 +02:00 · 2019-07-02 10:19:54 +02:00 · c3618fcf52
parent 2b3dafc8a0
commit c3618fcf52
1 changed files with 89 additions and 0 deletions
--- a/objects/imsi-catcher/definition.json
+++ b/objects/imsi-catcher/definition.json
@ -0,0 +1,89 @@
+{
+  "requiredOneOf": [
+    "text",
+    "first-seen",
+    "imsi"
+  ],
+  "attributes": {
+    "imsi": {
+      "description": "A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "tmsi-1": {
+      "description": "Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers can be allocated.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "tmsi-2": {
+      "description": "Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers can be allocated.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country where the IMSI is registered.",
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "disable_correlation": true
+    },
+    "brand": {
+      "description": "Brand associated with the IMSI registration.",
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "disable_correlation": true
+    },
+    "operator": {
+      "description": "Operator associated with the IMSI registration.",
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "disable_correlation": true
+    },
+    "mcc": {
+      "description": "MCC - Mobile Country Code",
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "disable_correlation": true
+    },
+    "mnc": {
+      "description": "MNC - Mobile Network Code",
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "disable_correlation": true
+    },
+    "lac": {
+      "description": "LAC - Location Area Code",
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "disable_correlation": true
+    },
+    "cellid": {
+      "description": "CellID",
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "disable_correlation": true
+    },
+    "text": {
+      "description": "A description of the IMSI record.",
+      "disable_correlation": true,
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "first-seen": {
+      "description": "When the IMSI has been accessible or seen for the first time.",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "datetime"
+    },
+    "seq": {
+      "description": "A sequence number for the collection",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "counter"
+    }
+  },
+  "version": 1,
+  "description": "IMSI Catcher entry object based on the open source IMSI cather",
+  "meta-category": "misc",
+  "uuid": "a64f21b1-2f1b-4298-8243-c45db2c4aa7c",
+  "name": "imsi-catcher"
+}