test_scratch
/
cti-ATT-CK-v13.1
/mobile-attack
/attack-pattern
/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
| { | |
| "type": "bundle", | |
| "id": "bundle--bbaad56f-2fb0-4040-b993-388e783e3381", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "modified": "2023-03-20T18:41:45.256Z", | |
| "name": "Impersonate SS7 Nodes", | |
| "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim\u2019s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device\u2019s geographical cell area or nearest cell tower.(Citation: Engel-SS7)", | |
| "kill_chain_phases": [ | |
| { | |
| "kill_chain_name": "mitre-mobile-attack", | |
| "phase_name": "collection" | |
| }, | |
| { | |
| "kill_chain_name": "mitre-mobile-attack", | |
| "phase_name": "discovery" | |
| } | |
| ], | |
| "x_mitre_deprecated": false, | |
| "x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC-WG1-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.", | |
| "x_mitre_domains": [ | |
| "mobile-attack" | |
| ], | |
| "x_mitre_is_subtechnique": true, | |
| "x_mitre_platforms": [ | |
| "Android", | |
| "iOS" | |
| ], | |
| "x_mitre_version": "1.1", | |
| "type": "attack-pattern", | |
| "id": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", | |
| "created": "2022-04-05T19:49:58.938Z", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "revoked": false, | |
| "external_references": [ | |
| { | |
| "source_name": "mitre-attack", | |
| "url": "https://attack.mitre.org/techniques/T1430/002", | |
| "external_id": "T1430.002" | |
| }, | |
| { | |
| "source_name": "3GPP-Security", | |
| "description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016.", | |
| "url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf" | |
| }, | |
| { | |
| "source_name": "CSRIC5-WG10-FinalReport", | |
| "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.", | |
| "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" | |
| }, | |
| { | |
| "source_name": "CSRIC-WG1-FinalReport", | |
| "description": "CSRIC-WG1-FinalReport" | |
| }, | |
| { | |
| "source_name": "Positive-SS7", | |
| "description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016.", | |
| "url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf" | |
| }, | |
| { | |
| "source_name": "Engel-SS7-2008", | |
| "description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016.", | |
| "url": "https://www.youtube.com/watch?v=q0n5ySqbfdI" | |
| }, | |
| { | |
| "source_name": "Engel-SS7", | |
| "description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016.", | |
| "url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf" | |
| }, | |
| { | |
| "source_name": "NIST Mobile Threat Catalogue", | |
| "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html", | |
| "external_id": "CEL-38" | |
| } | |
| ], | |
| "object_marking_refs": [ | |
| "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
| ], | |
| "x_mitre_attack_spec_version": "3.1.0", | |
| "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
| } | |
| ] | |
| } |