From c3618fcf5288496a6af079ab73a772e66b5dce87 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 2 Jul 2019 10:19:54 +0200
Subject: [PATCH] new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools The object has been created to show the flexibility of the object template during the PassTheSalt 2019 conference and the D4 presentation.
---
objects/imsi-catcher/definition.json | 89 ++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 objects/imsi-catcher/definition.json
diff --git a/objects/imsi-catcher/definition.json b/objects/imsi-catcher/definition.json
new file mode 100644
index 0000000..061ebc5
--- /dev/null
+++ b/objects/imsi-catcher/definition.json
@@ -0,0 +1,89 @@
+{
+ "requiredOneOf": [
+ "text",
+ "first-seen",
+ "imsi"
+ ],
+ "attributes": {
+ "imsi": {
+ "description": "A usually unique International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in the GSM/UMTS/EPS system. IMSI can also refer to International Mobile Station Identity in the ITU nomenclature.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "tmsi-1": {
+ "description": "Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers can be allocated.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "tmsi-2": {
+ "description": "Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers can be allocated.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "country": {
+ "description": "Country where the IMSI is registered.",
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "brand": {
+ "description": "Brand associated with the IMSI registration.",
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "operator": {
+ "description": "Operator associated with the IMSI registration.",
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "mcc": {
+ "description": "MCC - Mobile Country Code",
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "mnc": {
+ "description": "MNC - Mobile Network Code",
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "lac": {
+ "description": "LAC - Location Area Code",
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "cellid": {
+ "description": "CellID",
+ "misp-attribute": "text",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "text": {
+ "description": "A description of the IMSI record.",
+ "disable_correlation": true,
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "first-seen": {
+ "description": "When the IMSI has been accessible or seen for the first time.",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "seq": {
+ "description": "A sequence number for the collection",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "counter"
+ }
+ },
+ "version": 1,
+ "description": "IMSI Catcher entry object based on the open source IMSI cather",
+ "meta-category": "misc",
+ "uuid": "a64f21b1-2f1b-4298-8243-c45db2c4aa7c",
+ "name": "imsi-catcher"
+}
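Review bot: `tmsi-1` and `tmsi-2` are left correlatable while every other attribute except `imsi` sets `disable_correlation`; because a TMSI is a temporary identity that the network can reallocate, equal values in different events may not point to the same subscriber, so consider adding `"disable_correlation": true` to both or confirming that correlation on them is intended. The two attributes also carry an identical description, so nothing tells an analyst which captured value belongs in which field; a short distinguishing phrase in each would help. `requiredOneOf` accepts `text` or `first-seen` on its own, so an object can validate without any `imsi` value, which is worth confirming as the intended minimum. In the top-level description, `IMSI cather` should read `IMSI catcher`.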