misp-objects/objects/ss7-attack/definition.json

373 lines
12 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

{
"attributes": {
"Category": {
"description": "Category",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"Cat0",
"Cat1",
"Cat2.1",
"Cat2.2",
"Cat3.1",
"Cat3.2",
"Cat3.3",
"CatSMS",
"CatSpoofing"
],
"ui-priority": 1
},
"GtAssignee": {
"description": "GT Assignee this is the party that got the GT range assigned by their Regulator.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"GtLessee": {
"description": "GT Lessee is a third party who will use a leased global title from a GT Lessor.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"GtLessor": {
"description": "GT Lessor is a GT Assignee that has decided to lease one or more of their GTs to a third party, the GT Lessee, typically on a commercial basis.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"GtSubLessee": {
"description": "GT Sub-Lessee this is an additional third party who has entered into an agreement with the GT Lessee to sub-lease a GT from them.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"MapApplicationContext": {
"description": "MAP application context in OID format.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"4.0.0.1.0.1. - networkLocUp",
"4.0.0.1.0.2. - locationCancel",
"4.0.0.1.0.3. - roamingNbEnquiry",
"4.0.0.1.0.22. - subscriberDataModificationNotification",
"4.0.0.1.0.6. - callControlTransfer",
"4.0.0.1.0.16. - subscriberDataMngt",
"4.0.0.1.0.46. - vcsgLocationUpdate",
"4.0.0.1.0.15. - interVlrInfoRetrieval",
"4.0.0.1.0.18. - networkFunctionalSs",
"4.0.0.1.0.39. - authenticationFailureReport",
"4.0.0.1.0.44. - resourceMngt",
"4.0.0.1.0.41. - shortMsgMT_VGCS_Relay",
"4.0.0.1.0.5. - locInfoRetrieval",
"4.0.0.1.0.32. - gprsLocationUpdate",
"4.0.0.1.0.33. - gprsLocationInfoRetrieval",
"4.0.0.1.0.34. - failureReport",
"4.0.0.1.0.35. - gprsNotify",
"4.0.0.1.0.11. - handoverControl",
"4.0.0.1.0.12. - sIWFSAllocation",
"4.0.0.1.0.47. - vcsgLocationCancel",
"4.0.0.1.0.10. - reset",
"4.0.0.1.0.31. - groupCallControl",
"4.0.0.1.0.13. - equipmentMngt",
"4.0.0.1.0.25. - shortMsgMT_Relay",
"4.0.0.1.0.20. - shortMsgGateway",
"4.0.0.1.0.21. - shortMsgMO_Relay",
"4.0.0.1.0.24. - mwdMngt",
"4.0.0.1.0.23. - shortMsgAlert",
"4.0.0.1.0.17. - tracing",
"4.0.0.1.0.14. - infoRetrieval",
"4.0.0.1.0.26. - imsiRetrieval",
"4.0.0.1.0.19. - networkUnstructuredSs",
"4.0.0.1.0.43. - anyTimeInfoHandling",
"4.0.0.1.0.4. - istAlerting",
"4.0.0.1.0.27. - msPurging",
"4.0.0.1.0.28. - subscriberInfoEnquiry",
"4.0.0.1.0.29. - anyTimeEnquiry",
"4.0.0.1.0.36. - ss_InvocationNotification",
"4.0.0.1.0.7. - reporting",
"4.0.0.1.0.8. - callCompletion",
"4.0.0.1.0.38. - locationSvcEnquiry",
"4.0.0.1.0.45. - groupCallInfoRetrieval",
"4.0.0.1.0.37. - locationSvcGateway",
"4.0.0.1.0.9. - ServiceTermination",
"4.0.0.1.0.42. - mm_EventReporting"
],
"ui-priority": 0
},
"MapGmlc": {
"description": "MAP GMLC. Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"MapGsmscfGT": {
"description": "MAP GSMSCF GT. Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"MapImsi": {
"description": "MAP IMSI. Phone number starting with MCC/MNC.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"MapMscGT": {
"description": "MAP MSC GT. Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"MapMsisdn": {
"description": "MAP MSISDN. Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"MapOpCode": {
"description": "MAP operation codes - Decimal value between 0-99.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"updateLocation - 2",
"cancelLocation - 3",
"provideRoamingNumber - 4",
"noteSubscriberDataModified - 5",
"resumeCallHandling - 6",
"insertSubscriberData - 7",
"deleteSubscriberData - 8",
"sendParameters - 9",
"registerSS - 10",
"eraseSS - 11",
"activateSS - 12",
"deactivateSS - 13",
"interrogateSS - 14",
"authenticationFailureReport - 15",
"registerPassword - 17",
"getPassword - 18",
"processUnstructuredSS_Data - 19",
"releaseResources - 20",
"mt_ForwardSM_VGCS - 21",
"sendRoutingInfo - 22",
"updateGprsLocation - 23",
"sendRoutingInfoForGprs - 24",
"failureReport - 25",
"noteMsPresentForGprs - 26",
"performHandover - 28",
"sendEndSignal - 29",
"performSubsequentHandover - 30",
"provideSIWFSNumber - 31",
"siwfs_SignallingModify - 32",
"processAccessSignalling - 33",
"forwardAccessSignalling - 34",
"noteInternalHandover - 35",
"cancelVcsgLocation - 36",
"reset_ - 37",
"forwardCheckSsIndication - 38",
"prepareGroupCall - 39",
"sendGroupCallEndSignal - 40",
"processGroupCallSignalling - 41",
"forwardGroupCallSignalling - 42",
"checkIMEI - 43",
"mt_forwardSM - 44",
"sendRoutingInfoForSM - 45",
"mo_forwardSM - 46",
"forwardSM - 46",
"reportSmDeliveryStatus - 47",
"noteSubscriberPresent - 48",
"alertServiceCentreWithoutResult - 49",
"activateTraceMode - 50",
"deactivateTraceMode - 51",
"traceSubscriberActivity - 52",
"updateVcsgLocation - 53",
"beginSubscriberActivity - 54",
"sendIdentification - 55",
"sendAuthenticationInfo - 56",
"restoreData - 57",
"sendIMSI - 58",
"processUnstructuredSS_Request - 59",
"unstructuredSS_Request - 60",
"unstructuredSS_Notify - 61",
"anyTimeSubscriptionInterrogation - 62",
"informServiceCentre - 63",
"alertServiceCentre - 64",
"anyTimeModification - 65",
"readyForSM - 66",
"purgeMS - 67",
"prepareHandover - 68",
"prepareSubsequentHandover - 69",
"provideSubscriberInfo - 70",
"anyTimeInterrogation - 71",
"ss_Invocation_Notification - 72",
"setReportingState - 73",
"statusReport - 74",
"remoteUserFree - 75",
"registerCC_Entry - 76",
"eraseCC_Entry - 77",
"provideSubscriberLocation - 83",
"sendGroupCallInfo - 84",
"sendRoutingInfoForLCS - 85",
"subscriberLocationReport - 86",
"istAlert - 87",
"istCommand - 88",
"NoteMM_Event - 89"
],
"ui-priority": 0
},
"MapSmsTP-DCS": {
"description": "MAP SMS TP-DCS.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"MapSmsTP-OA": {
"description": "MAP SMS TP-OA. Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"MapSmsTP-PID": {
"description": "MAP SMS TP-PID.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"MapSmsText": {
"description": "MAP SMS Text. Important indicators in SMS text.",
"misp-attribute": "text",
"ui-priority": 0
},
"MapSmsTypeNumber": {
"description": "MAP SMS TypeNumber.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"MapSmscGT": {
"description": "MAP SMSC. Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"MapUssdCoding": {
"description": "MAP USSD Content.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"MapUssdContent": {
"description": "MAP USSD Content.",
"misp-attribute": "text",
"ui-priority": 0
},
"MapVersion": {
"description": "Map version.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"1",
"2",
"3"
],
"ui-priority": 0
},
"MapVlrGT": {
"description": "MAP VLR GT. Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT": {
"description": "Signaling Connection Control Part (SCCP) CdGT - Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"SccpCdGT-Country": {
"description": "Country in which SCCP CDGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT-CountryISO2": {
"description": "Code ISO 3166-1 alpha-2 from which the SCCP CDGT is allocated.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT-OperatorName": {
"description": "Operator Name under which the SCCP CDGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdGT-TADIG": {
"description": "TADIG under which the SCCP CDGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdPC": {
"description": "Signaling Connection Control Part (SCCP) CdPC - Phone number.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCdSSN": {
"description": "Signaling Connection Control Part (SCCP) - Decimal value between 0-255.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT": {
"description": "Signaling Connection Control Part (SCCP) CgGT - Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"SccpCgGT-Country": {
"description": "Country in which SCCP CGGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT-CountryISO2": {
"description": "Allocated Code ISO 3166-1 alpha-2 for the SCCP CGGT.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT-OperatorName": {
"description": "Operator Name under which the SCCP CGGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgGT-TADIG": {
"description": "TADIG under which the SCCP CGGT is registered.",
"misp-attribute": "text",
"ui-priority": 0
},
"SccpCgPC": {
"description": "Signaling Connection Control Part (SCCP) CgPC - Phone number.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"SccpCgSSN": {
"description": "Signaling Connection Control Part (SCCP) - Decimal value between 0-255.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"first-seen": {
"description": "When the attack has been seen for the first time.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"text": {
"description": "A description of the attack seen via SS7 logging.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
}
},
"description": "SS7 object of an attack as seen on the SS7 signaling protocol supporting GSM/GPRS/UMTS networks.",
"meta-category": "network",
"name": "ss7-attack",
"requiredOneOf": [
"text"
],
"uuid": "f3493d8b-a7ab-48d0-a775-046c4d64d782",
"version": 5
}