diff --git a/clusters/mitre-fight-techniques.json b/clusters/mitre-fight-techniques.json index b12f8d5..8f2238a 100644 --- a/clusters/mitre-fight-techniques.json +++ b/clusters/mitre-fight-techniques.json @@ -96,17 +96,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1199.501", "[1] 5GS Roaming Guidelines Version 5.0 (non-confidential , NG.113-v5.0, GSMA, December 2021 - https://www.gsma.com/newsroom/wp-content/uploads//NG.113-v5.0.pdf", "[2] 5G; Security Architecture and Procedures for 5G System, TS 33.501 v16.10.0 Release 16, Sections 9.9, 13.1, 13.2, 3GPP, March 2022 - https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169", "[3] ETSI White Paper No. 46 – MEC security: Status of standards support and future evolutions, 1st edition, ETSI, May 2021 - https://www.etsi.org/images/files/ETSIWhitePapers/ETSI_WP_46-_MEC_security.pdf", "[4] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”,  October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1037", "https://fight.mitre.org/mitigations/M1054", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1199.501" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1199", @@ -236,17 +236,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1525", "[1] ENISA THREAT LANDSCAPE FOR 5G NETWORKS, December 2020, section 6.2. Accessed April 13, 2021 - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks/", "[2] Docker Documentation, Security, Content in Trust - https://docs.docker.com/engine/security/trust/", + "https://fight.mitre.org/data%20sources/FGDS5012", + "https://fight.mitre.org/data%20sources/FGDS5015", "https://fight.mitre.org/mitigations/FGM5088", "https://fight.mitre.org/mitigations/FGM5089", "https://fight.mitre.org/mitigations/FGM5090", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1043", "https://fight.mitre.org/mitigations/M1049", - "https://fight.mitre.org/data%20sources/FGDS5012", - "https://fight.mitre.org/data%20sources/FGDS5015" + "https://fight.mitre.org/techniques/FGT1525" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -338,13 +338,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5002", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", "[2] European Union Agency for Cybersecurity (ENISA , “Signaling security in telecom SS7/Diameter/5G”, March 2018 - https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g", "[3] GSM Association, “Official Document NG.111 - SMS Evolution”, v2.0, Nov. 2020 - https://www.gsma.com/newsroom/wp-content/uploads//NG.111-v2.0.pdf", "[4] Kirill Puzankov: “Hidden Agendas: bypassing GSMA recommendations on SS7 networks,”accessed on May 25, 2023 - https://docplayer.net/136483279-Hidden-agendas-bypassing-gsma-recommendations-on-ss7-networks-kirill-puzankov.html", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5004", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5002" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -423,13 +423,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1562.501", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", "[2] DEFCON 24 article “Forcing Targeted LTE Cellphone Into Unsafe Network” - https://www.scribd.com/document/350156530/forcing-targeted-lte-cellphone-into-unsafe-network", + "https://fight.mitre.org/data%20sources/FGDS5013", "https://fight.mitre.org/mitigations/FGM5002", "https://fight.mitre.org/mitigations/FGM5092", "https://fight.mitre.org/mitigations/FGM5097", - "https://fight.mitre.org/data%20sources/FGDS5013" + "https://fight.mitre.org/techniques/FGT1562.501" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1562", @@ -520,11 +520,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1592.501", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", - "https://fight.mitre.org/mitigations/FGM5500", "https://fight.mitre.org/data%20sources/FGDS5008", - "https://fight.mitre.org/data%20sources/FGDS5009" + "https://fight.mitre.org/data%20sources/FGDS5009", + "https://fight.mitre.org/mitigations/FGM5500", + "https://fight.mitre.org/techniques/FGT1592.501" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT1592", @@ -615,13 +615,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5003", "[1] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", "[2] 3GPP Technical Report 33.926, “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”, Release 17. - https://www.3gpp.org/DynaReport/33926.htm", "[3] Internet Engineering Task Force (IETF “OAuth 2.0 Security Best Current Practice”, draft-ietf-oauth-security-topics-05, June 2022. - https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5003", "https://fight.mitre.org/mitigations/FGM5501", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5003" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -739,10 +739,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5004", "[1] ENISA, “Threat Landscape and Good Practice Guide for Software Defined Networks/5G”, Jan. 2016 - https://www.enisa.europa.eu/publications/sdn-threat-landscape", "[2] Scott-Hayward, S., O'Callaghan, G., & Sezer, S. “SDN Security: A Survey”. 2013 IEEE SDN for Future. Networks and Services (SDN4FNS (pp. 1-7 - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6702c553&tag=1", "[3] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/FGDS5014", "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/FGM5090", "https://fight.mitre.org/mitigations/FGM5091", @@ -751,9 +753,7 @@ "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1053", "https://fight.mitre.org/mitigations/M1054", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/FGDS5014" + "https://fight.mitre.org/techniques/FGT5004" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -903,10 +903,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5004.001", "[1] ENISA, “Threat Landscape and Good Practice Guide for Software Defined Networks/5G”, Jan. 2016 - https://www.enisa.europa.eu/publications/sdn-threat-landscape", "[2] Scott-Hayward, S., O'Callaghan, G., & Sezer, S. “SDN Security: A Survey”. 2013 IEEE SDN for Future. Networks and Services (SDN4FNS (pp. 1-7 - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6702553&tag=1", "[3] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/FGDS5014", "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/FGM5090", "https://fight.mitre.org/mitigations/FGM5091", @@ -915,9 +917,7 @@ "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1053", "https://fight.mitre.org/mitigations/M1054", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/FGDS5014" + "https://fight.mitre.org/techniques/FGT5004.001" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5004", @@ -1076,10 +1076,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5004.002", "[1] ENISA, “Threat Landscape and Good Practice Guide for Software Defined Networks/5G”, Jan. 2016 - https://www.enisa.europa.eu/publications/sdn-threat-landscape", "[2] Scott-Hayward, S., O'Callaghan, G., & Sezer, S. “SDN Security: A Survey”. 2013 IEEE SDN for Future. Networks and Services (SDN4FNS (pp. 1-7 - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6702553&tag=1", "[3] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/FGDS5014", "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/FGM5090", "https://fight.mitre.org/mitigations/FGM5091", @@ -1088,9 +1090,7 @@ "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1053", "https://fight.mitre.org/mitigations/M1054", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/FGDS5014" + "https://fight.mitre.org/techniques/FGT5004.002" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5004", @@ -1242,15 +1242,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5039", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", - "https://fight.mitre.org/mitigations/M1033", - "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/mitigations/M1053", "https://fight.mitre.org/data%20sources/DS0007", "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/mitigations/M1033", + "https://fight.mitre.org/mitigations/M1047", + "https://fight.mitre.org/mitigations/M1053", + "https://fight.mitre.org/techniques/FGT5039" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -1375,17 +1375,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1611", "[1] ETSI NFV SEC023, Container security spec (WIP v004. - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC023_Container_Security_Spec", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", "[3] Github, “Awesome VM exploit” - https://github.com/WinMin/awesome-vm-exploit", "[4] Project Zero - https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html", + "https://fight.mitre.org/data%20sources/DS0009", + "https://fight.mitre.org/data%20sources/DS0032", + "https://fight.mitre.org/data%20sources/DS0034", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1038", "https://fight.mitre.org/mitigations/M1048", - "https://fight.mitre.org/data%20sources/DS0009", - "https://fight.mitre.org/data%20sources/DS0032", - "https://fight.mitre.org/data%20sources/DS0034" + "https://fight.mitre.org/techniques/FGT1611" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -1478,18 +1478,18 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5005", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, section 6.2, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] ENISA, “Threat Landscape and Good Practice Guide for Software Defined Networks/5G”, Jan. 2016 - https://www.enisa.europa.eu/publications/sdn-threat-landscape", "[3] ETSI GS NFV-SEC 009 V1.1.1, “NFV Security:\nReport on use cases and technical approaches for multi-layer host administration”, December 2015 - https://www.etsi.org/deliver/etsi_gs/nfv-sec/001_099/009/01.01.01_60/gs_nfv-sec009v010101p.pdf", "[4] N. Huq, “PoS RAM Scraper Malware: Past, Present, and Future,” Trend Micro, accessed May 25, 2023 - https://www.wired.com/wp-content/uploads/2014/09/wp-pos-ram-scraper-malware.pdf", "[5] J. Hizver, “Taxonomic Modeling of Security Threats in Software Defined Networking”, Blackhat Conference, Aug. 2015 - https://www.blackhat.com/docs/us-15/materials/us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking-wp.pdf", "[6] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5090", "https://fight.mitre.org/mitigations/M1033", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5005" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -1560,10 +1560,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1437", "[1] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", "[2] 3rd Generation Partnership Project (3GPP TS 23.502, “Procedures for the 5G System (5GS ; Stage 2 (Release 17 ”, Technical Specification, v17.4.0, March 2022. - https://www.3gpp.org/DynaReport/23502.htm", - "https://fight.mitre.org/mitigations/FGM5501" + "https://fight.mitre.org/mitigations/FGM5501", + "https://fight.mitre.org/techniques/FGT1437" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -1628,13 +1628,13 @@ "object-type": "technique", "platforms": "Infrastructure, PNF", "refs": [ - "https://fight.mitre.org/techniques/FGT1078.003", "[1] ENISA “Threat Landscape and Good Practice Guide for Software Defined Networks/5G”, Jan. 2016, Table 1, and 2 - https://www.enisa.europa.eu/publications/sdn-threat-landscape", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”,  October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0002", + "https://fight.mitre.org/data%20sources/DS0028", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1027", - "https://fight.mitre.org/data%20sources/DS0002", - "https://fight.mitre.org/data%20sources/DS0028" + "https://fight.mitre.org/techniques/FGT1078.003" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1078", @@ -1751,19 +1751,19 @@ "object-type": "technique", "platforms": "Infrastructure, PNF, VNF Hosts", "refs": [ - "https://fight.mitre.org/techniques/FGT1014", "[1] ETSI NFV SEC025, Secure E2E VNF & NS management spec (WIP v006, retrieved April 26, 2021 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC025_Secure_E2E_VNF_%26_NS_management", - "https://fight.mitre.org/mitigations/M1018", - "https://fight.mitre.org/mitigations/M1045", - "https://fight.mitre.org/mitigations/M1046", - "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/mitigations/M1051", "https://fight.mitre.org/data%20sources/DS0007", "https://fight.mitre.org/data%20sources/DS0008", "https://fight.mitre.org/data%20sources/DS0009", "https://fight.mitre.org/data%20sources/DS0019", "https://fight.mitre.org/data%20sources/DS0022", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/mitigations/M1018", + "https://fight.mitre.org/mitigations/M1045", + "https://fight.mitre.org/mitigations/M1046", + "https://fight.mitre.org/mitigations/M1047", + "https://fight.mitre.org/mitigations/M1051", + "https://fight.mitre.org/techniques/FGT1014" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -1906,20 +1906,20 @@ "object-type": "technique", "platforms": "Infrastructure, PNF, VNF Hosts", "refs": [ - "https://fight.mitre.org/techniques/FGT1542.501", "[1] ETSI NFV SEC025, Secure E2E VNF & NS management spec (WIP v006, retrieved April 26, 2021 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC025_Secure_E2E_VNF_%26_NS_management", - "https://fight.mitre.org/mitigations/M1018", - "https://fight.mitre.org/mitigations/M1045", - "https://fight.mitre.org/mitigations/M1046", - "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/mitigations/M1051", "https://fight.mitre.org/data%20sources/DS0007", "https://fight.mitre.org/data%20sources/DS0008", "https://fight.mitre.org/data%20sources/DS0009", "https://fight.mitre.org/data%20sources/DS0013", "https://fight.mitre.org/data%20sources/DS0019", "https://fight.mitre.org/data%20sources/DS0022", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/mitigations/M1018", + "https://fight.mitre.org/mitigations/M1045", + "https://fight.mitre.org/mitigations/M1046", + "https://fight.mitre.org/mitigations/M1047", + "https://fight.mitre.org/mitigations/M1051", + "https://fight.mitre.org/techniques/FGT1542.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1542", @@ -2064,13 +2064,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1499.002", - "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[1] 3rd Generation Partnership Project (3GPP TR 33.846: “Study on Authentication Enhancements in the 5G System”, Technical Report, v17.0.0, Dec. 2021. - https://www.3gpp.org/DynaReport/33846.htm", + "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", + "https://fight.mitre.org/data%20sources/FGDS5007", "https://fight.mitre.org/mitigations/FGM5021", "https://fight.mitre.org/mitigations/FGM5499", - "https://fight.mitre.org/data%20sources/FGDS5007", - "https://fight.mitre.org/data%20sources/FGDS5007" + "https://fight.mitre.org/techniques/FGT1499.002" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1499", @@ -2156,15 +2155,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5007", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, November 2019. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks", "[3] 3rd Generation Partnership Project (3GPP TS 23.502, “Procedures for the 5G System (5GS ; Stage 2 (Release 17 ”, Technical Specification, v17.4.0, March 2022. - https://www.3gpp.org/DynaReport/23502.htm", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0032", "https://fight.mitre.org/mitigations/FGM5023", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1030", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0032" + "https://fight.mitre.org/techniques/FGT5007" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -2251,14 +2250,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5035", "[1] Y. Arjoune and S. Faruque, “Smart Jamming Attacks in 5G New Radio: A Review” (2020 , 10th Annual Computing and Communication Workshop and Conference (CCWC - https://ieeexplore.ieee.org/abstract/document/9031175/", "[2] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[3] Lichtman, et al. “5G NR Jamming, Spoofing, and Sniffing: Threat Assessment and Mitigation” (2018 , 2018 IEEE International Conference on Communications Workshops - https://arxiv.org/pdf/1803.03845.pdf", + "https://fight.mitre.org/data%20sources/FGDS5001", "https://fight.mitre.org/mitigations/FGM5001", "https://fight.mitre.org/mitigations/FGM5099", "https://fight.mitre.org/mitigations/FGM5100", - "https://fight.mitre.org/data%20sources/FGDS5001" + "https://fight.mitre.org/techniques/FGT5035" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -2359,7 +2358,6 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5008", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] ENISA “Threat Landscape for 5G Networks Report”, Nov 2019. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks", "[3] “Bhadra framework”: S.P. Rao, S. Holtmanns, T. Aura, “Threat modeling framework for mobile communication systems” - https://arxiv.org/abs/2005.05110v1", @@ -2367,10 +2365,11 @@ "[5] 3GPP TS 23.501 “Technical Specification Group Services and System Aspects; System architecture for the 5G System (5GS ”. - https://www.3gpp.org/DynaReport/23501.htm", "[6] “Ultra Cloud Core 5G User Plane Function, Release 2020.02 - Configuration and Administration Guide”, Cisco Systems, Accessed May 25, 2023 - https://www.cisco.com/c/en/us/td/docs/wireless/ucc/upf/Ultra-Cloud-Core-5G-UPF-Config-Guide.html", "[7] “5G Security Issues.” Positive Technologies - https://www.gsma.com/membership/resources/positive-technologies-5g-security-issues/", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5019", "https://fight.mitre.org/mitigations/M1040", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5008" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -2460,14 +2459,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5010", "[1] 3rd Generation Partnership Project (3GPP TR 33.926: “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”, Technical Report, v17.3.0, Dec. 2021, clause E.2.2.3 - https://www.3gpp.org/DynaReport/33926.htm", "[2] 3rd Generation Partnership Project (3GPP TR 33.846,” Study on authentication enhancements in the 5G System (5GS ”, Technical Report, v17.0.0, December 2021, clause 5.3.1.2 - https://www.3gpp.org/DynaReport/33846.htm", "[3] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020 - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[4] 3GPP TS 29.503: “5G System; Unified Data Management Services; Stage 3” - https://www.3gpp.org/DynaReport/29503.htm", - "https://fight.mitre.org/mitigations/FGM5023", "https://fight.mitre.org/mitigations/FGM5013", - "https://fight.mitre.org/mitigations/FGM5014" + "https://fight.mitre.org/mitigations/FGM5014", + "https://fight.mitre.org/mitigations/FGM5023", + "https://fight.mitre.org/techniques/FGT5010" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -2552,13 +2551,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5011", "[1] 3GPP TR 33.926 Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes. - https://www.3gpp.org/DynaReport/33926.htm", "[2] Internet Engineering Task Force, IETF RFC 6819 “OAuth 2.0 Threat Model and Security Considerations”, Jan. 2013. - https://datatracker.ietf.org/doc/html/rfc6819", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5003", "https://fight.mitre.org/mitigations/FGM5019", "https://fight.mitre.org/mitigations/M1040", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5011" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -2625,11 +2624,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.003", "[1] B. Hong, S. Bae, Y. Kim, “GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier”, NDSS Symposium, 2018. - https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_02A-4_Hong_paper.pdf", "[2] 3rd Generation Partnership Project (3GPP TR 33.926: “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”, Technical Report, v17.3.0, December. 2021, clause K.2.7.1 - https://www.3gpp.org/DynaReport/33926.htm", "[3] 3rd Generation Partnership Project (3GPP TR 33.501: “Security architecture and procedures for 5G system”, Technical Specification, v17.5.0, March 2022 - https://www.3gpp.org/DynaReport/33501.htm", - "https://fight.mitre.org/mitigations/FGM5094" + "https://fight.mitre.org/mitigations/FGM5094", + "https://fight.mitre.org/techniques/FGT5012.003" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5012", @@ -2750,18 +2749,18 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1600.501", "[1] 3GPP TR 33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”. - https://www.3gpp.org/DynaReport/33926.htm", "[2] 3GPP TS 33.501 “Security architecture and procedures for 5G System”. - https://www.3gpp.org/DynaReport/33501.htm", "[3] 3GPP TS 23.502 “Procedures for the 5G System (5GS ”. - https://www.3gpp.org/DynaReport/23502.htm", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1043", "https://fight.mitre.org/mitigations/M1046", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1600.501" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1600", @@ -2882,15 +2881,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5021", "[1] 3GPP TR 33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”. - https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3002", "[2] 3GPP TS 23.501 “System architecture for the 5G System (5GS ”. - https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3144", "[3] 3GPP TS 23.502, “Procedures for the 5G System (5GS ; Stage 2 (Release 17 ”, Technical Specification, v17.4.0, March 2022. - https://www.3gpp.org/DynaReport/23502.htm", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/FGDS5003", "https://fight.mitre.org/mitigations/FGM5094", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/FGDS5003" + "https://fight.mitre.org/techniques/FGT5021" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -2977,13 +2976,13 @@ "object-type": "technique", "platforms": "PNF, VNF Hosts", "refs": [ - "https://fight.mitre.org/techniques/FGT1021", "[1] Fraunhofer AISEC, “Threat Analysis of Container-as-a-Service for Network Function “, Retrieved April 28 2022 - https://www.aisec.fraunhofer.de/content/dam/aisec/Dokumente/Publikationen/Studien_TechReports/englisch/caas_threat_analysis_wp.pdf", - "https://fight.mitre.org/mitigations/M1018", - "https://fight.mitre.org/mitigations/M1032", "https://fight.mitre.org/data%20sources/DS0017", "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/mitigations/M1018", + "https://fight.mitre.org/mitigations/M1032", + "https://fight.mitre.org/techniques/FGT1021" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -3073,13 +3072,13 @@ "object-type": "technique", "platforms": "Infrastructure, CI/CD, OA&M Tools, VNFs", "refs": [ - "https://fight.mitre.org/techniques/FGT1195", "[1] ETSI NFV SEC001, “Network Functions Virtualization (NFV ; NFV Security; Problem Statement”, Jan. 2014, section 6.9 - https://www.etsi.org/deliver/etsi_gs/nfv-sec/001_099/001/01.01.01_60/gs_nfv-sec001v010101p.pdf", "[2] The Untold Story of the Boldest Supply-Chain Hack Ever - https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/", + "https://fight.mitre.org/data%20sources/DS0013", + "https://fight.mitre.org/data%20sources/DS0022", "https://fight.mitre.org/mitigations/M1016", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/data%20sources/DS0013", - "https://fight.mitre.org/data%20sources/DS0022" + "https://fight.mitre.org/techniques/FGT1195" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -3196,11 +3195,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1072", "[1] ETSI NFV SEC001, “Network Functions Virtualization (NFV ; NFV Security; Problem Statement”, Jan. 2014, section 6.9 - https://www.etsi.org/deliver/etsi_gs/nfv-sec/001_099/001/01.01.01_60/gs_nfv-sec001v010101p.pdf", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”,  October 2021 - https://arxiv.org/abs/2108.11206", "[3] Dell SecureWorks. (2013, March 21 . Wiper Malware Analysis Attacking Korean Financial Sector. Retrieved May 13, 2015. - http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/", "[4] Silence – a new Trojan attacking financial organizations (accessed 06/20/2023 - https://securelist.com/the-silence/83009/", + "https://fight.mitre.org/data%20sources/DS0009", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1027", @@ -3208,8 +3208,7 @@ "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1032", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/data%20sources/DS0009", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT1072" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -3330,17 +3329,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1078.004", "[1] ETSI NFV SEC023, Container Security Spec, section 5.4.4, Accessed 6/27/2022 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC023_Container_Security_Spec/NFV-SEC023v005.zip", "[2] Peirates - https://github.com/inguardians/peirates", "[3] Kubernetes Used in Brute-Force Attacks Tied to Russia’s APT28 - https://vulners.com/threatpost/THREATPOST:B25070E6CF075EEA6B20C4D8D25ADBE8", + "https://fight.mitre.org/data%20sources/DS0002", + "https://fight.mitre.org/data%20sources/DS0028", "https://fight.mitre.org/mitigations/M1017", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1027", "https://fight.mitre.org/mitigations/M1032", - "https://fight.mitre.org/data%20sources/DS0002", - "https://fight.mitre.org/data%20sources/DS0028" + "https://fight.mitre.org/techniques/FGT1078.004" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1078", @@ -3465,15 +3464,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5013", "[1] ETSI NFV SEC025, Secure End-to-End VNF and NS management specification\nRelease 4, section 4.4.3, accessed 6/28/2022 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC025_Secure_E2E_VNF_&_NS_management/NFV-SEC025v0012.zip", + "https://fight.mitre.org/data%20sources/DS0014", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0032", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0014", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0032" + "https://fight.mitre.org/techniques/FGT5013" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -3569,12 +3568,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1609.501", "[1] ETSI NFV SEC025, Secure End-to-End VNF and NS management specification\nRelease 4, section 4.4.6, accessed 6/28/2022 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC025_Secure_E2E_VNF_&_NS_management/NFV-SEC025v0012.zip", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1035", - "https://fight.mitre.org/mitigations/M1038" + "https://fight.mitre.org/mitigations/M1038", + "https://fight.mitre.org/techniques/FGT1609.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1609", @@ -3687,16 +3686,16 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5014", "[1] Network Functions Virtualisation (NFV Release 4;\nSecurity;Isolation and trust domain specification\nRelease 4, section 4.2.1, Access 4/12/2022 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC026_Isolation_and_trust_domain", + "https://fight.mitre.org/data%20sources/DS0014", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0017", + "https://fight.mitre.org/data%20sources/DS0032", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0014", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0017", - "https://fight.mitre.org/data%20sources/DS0032" + "https://fight.mitre.org/techniques/FGT5014" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -3816,16 +3815,16 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1611.501", "[1] Network Functions Virtualisation (NFV Release 4;\nSecurity; Isolation and trust domain specification\nRelease 4, section 4.2.1, Accessed 4/12/2022 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC026_Isolation_and_trust_domain", + "https://fight.mitre.org/data%20sources/DS0009", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0032", + "https://fight.mitre.org/data%20sources/DS0034", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0009", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0032", - "https://fight.mitre.org/data%20sources/DS0034" + "https://fight.mitre.org/techniques/FGT1611.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1611", @@ -3972,18 +3971,18 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1599.501", "[1] ETSI NFV SEC026 Isolation and trust domain specification, section 4.2.2 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC026_Isolation_and_trust_domain", + "https://fight.mitre.org/data%20sources/DS0013", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0028", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5505", "https://fight.mitre.org/mitigations/FGM5506", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/data%20sources/DS0013", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1599.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1599", @@ -4134,18 +4133,18 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1599.502", "[1] ETSI NFV SEC026 Isolation and trust domain specification, section 4.2.3 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC026_Isolation_and_trust_domain", + "https://fight.mitre.org/data%20sources/DS0013", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0028", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5505", "https://fight.mitre.org/mitigations/FGM5506", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/data%20sources/DS0013", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1599.502" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1599", @@ -4286,18 +4285,18 @@ "object-type": "technique", "platforms": "Slice", "refs": [ - "https://fight.mitre.org/techniques/FGT5038", "[1] Fraunhofer AISEC, “Threat Analysis of Container-as-a-Service for Network Function, accessed April 28, 2021 - https://www.aisec.fraunhofer.de/content/dam/aisec/Dokumente/Publikationen/Studien_TechReports/englisch/caas_threat_analysis_wp.pdf", + "https://fight.mitre.org/data%20sources/DS0013", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0028", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5505", "https://fight.mitre.org/mitigations/FGM5506", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/data%20sources/DS0013", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5038" ], "status": "This is a theoretical behavior", "typecode": "fight_technique" @@ -4493,34 +4492,33 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1040", + "[10] 3GPP TR 33.848 “Study on Security Impacts of Virtualization”. (WIP Section 5.15.2 - https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3574", "[1] 3GPP TR 33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”, March 2022 - https://www.3gpp.org/DynaReport/33926.htm", + "[1] O-RAN Threat Model 6.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[2] 3rd Generation Partnership Project (3GPP , “Security Architecture and Procedures for 5G System”, TS 33.501 v16.10.0 Release 16, March 2022 - https://www.3gpp.org/DynaReport/33501.htm", + "[2] O-RAN WG4 Control, User, and Synchronization Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[3] 3GPP TS 23.501 “System architecture for the 5G System (5GS ”, March 2022 - https://www.3gpp.org/DynaReport/23501.htm", + "[3] O-RAN WG4 Management Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[4] 3rd Generation Partnership Project (3GPP , “5G Security Assurance Specification (SCAS for the Security Edge Protection Proxy (SEPP network product class”, TS 33.517, ver. 17.0.0, Jun. 2021 - https://www.3gpp.org/DynaReport/33517.htm", "[5] G. Green, “5G Security when Roaming – Part 2,” Mpirical, Lancaster, UK, May 21,2021 - https://www.mpirical.com/blog/5g-security-when-roaming-part-2", "[6] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", "[7] G. Koien, \"On Threats to the 5G Service Based Architecture\", 2021. - https://www.researchgate.net/publication/349455036_On_Threats_to_the_5G_Service_Based_Architecture", "[8] “The Transport Layer Security (TLS Protocol”, Version 1.2. RFC 5246 - https://www.ietf.org/rfc/rfc5246.txt", "[9] 3GPP TS 33.210 “Network Domain Security (NDS ; IP network layer security” - https://www.3gpp.org/DynaReport/33210.htm", - "[10] 3GPP TR 33.848 “Study on Security Impacts of Virtualization”. (WIP Section 5.15.2 - https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3574", - "[1] O-RAN Threat Model 6.00 version - https://orandownloadsweb.azurewebsites.net/specifications", - "[2] O-RAN WG4 Control, User, and Synchronization Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", - "[3] O-RAN WG4 Management Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", - "https://fight.mitre.org/mitigations/FGM5033", - "https://fight.mitre.org/mitigations/M1020", - "https://fight.mitre.org/mitigations/M1040", - "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/mitigations/M1054", - "https://fight.mitre.org/mitigations/M1026", - "https://fight.mitre.org/mitigations/M1030", - "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/mitigations/M1047", "https://fight.mitre.org/data%20sources/DS0009", "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/data%20sources/DS0017", "https://fight.mitre.org/data%20sources/DS0039", - "https://fight.mitre.org/data%20sources/FGDS5022" + "https://fight.mitre.org/data%20sources/FGDS5022", + "https://fight.mitre.org/mitigations/FGM5033", + "https://fight.mitre.org/mitigations/M1020", + "https://fight.mitre.org/mitigations/M1026", + "https://fight.mitre.org/mitigations/M1030", + "https://fight.mitre.org/mitigations/M1040", + "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/mitigations/M1047", + "https://fight.mitre.org/mitigations/M1054", + "https://fight.mitre.org/techniques/FGT1040" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -4649,15 +4647,15 @@ "object-type": "technique", "platforms": "5G", "refs": [ - "https://fight.mitre.org/techniques/FGT1020.001", "[1] 3GPP TR 33.848 Security Impacts of Virtualization,\nSection 5.15.2 - https://www.3gpp.org/DynaReport/33848.htm", - "https://fight.mitre.org/mitigations/M1026", - "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/data%20sources/DS0002", "https://fight.mitre.org/data%20sources/DS0017", "https://fight.mitre.org/data%20sources/DS0022", "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/mitigations/M1026", + "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/techniques/FGT1020.001" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1020", @@ -4772,15 +4770,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1555.501", "[1] Baseline Security Controls –NO-009, FS.31 version 2.0,GSMA, February 2020 - https://www.gsma.com/security/wp-content/uploads/2020/02/FS.31-v2.0.pdf", "[2] A New Trust Model For The 5G Era, Thales, October 2020 - https://cpl.thalesgroup.com/sites/default/files/content/research_reports_white_papers/field_document/2020-10/New-Trust-Model-For-5G-Era-WP.pdf", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0028", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1017", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1026", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1555.501" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1555", @@ -4862,10 +4860,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5015", "[1] GSM Association, “GSM Association Official Document FS.31, Baseline Security Controls.”, v3.0, Sep. 2023 - https://www.gsma.com/security/resources/fs-31-gsma-baseline-security-controls", + "https://fight.mitre.org/data%20sources/FGDS5009", "https://fight.mitre.org/mitigations/FGM5020", - "https://fight.mitre.org/data%20sources/FGDS5009" + "https://fight.mitre.org/techniques/FGT5015" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -4929,11 +4927,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1498.501", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] 3GPP TS 23.501: System architecture for the 5G System (5GS - https://www.3gpp.org/DynaReport/23501.htm", + "https://fight.mitre.org/data%20sources/DS0018", "https://fight.mitre.org/mitigations/FGM5498", - "https://fight.mitre.org/data%20sources/DS0018" + "https://fight.mitre.org/techniques/FGT1498.501" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT1498", @@ -5028,17 +5026,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5016", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", "[2] “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes,” 3rd Generation Partnership Project (3GPP , TR 33.926 ver.17.3.0, Dec. 2021, sec. G.2.4.1-G.2.4.2 - https://www.3gpp.org/DynaReport/33926.htm", "[3] G. Green, “5G Security when Roaming – Part 2,” Mpirical, Lancaster, UK, May 21, 2021 - https://www.mpirical.com/blog/5g-security-when-roaming-part-2", "[4] “Security architecture and procedures for 5G System,” 3GPP, TS 33.501 ver. 16.3.0, July 2020, Sec. 13.1.2,13.2 - https://www.3gpp.org/DynaReport/33501.htm", "[5] “5G System; Public Land Mobile Network (PLMN Interconnection; Stage 3,” 3GPP, TS 29.573 ver.16.9.0, March 2022 - https://www.3gpp.org/DynaReport/29573.htm", "[6] P.Tommassen, “5G Security When Roaming,” iBasis, October 6, 2020 - https://ibasis.com/5g-security-when-roaming/", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1054", "https://fight.mitre.org/mitigations/M1056", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5016" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -5128,12 +5126,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1018", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1042", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1018" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -5223,12 +5221,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1046", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1042", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1046" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -5341,15 +5339,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1599", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1027", "https://fight.mitre.org/mitigations/M1032", "https://fight.mitre.org/mitigations/M1037", "https://fight.mitre.org/mitigations/M1043", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1599" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -5467,11 +5465,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5018", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, November 2019. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks", + "https://fight.mitre.org/data%20sources/DS0040", "https://fight.mitre.org/mitigations/FGM5005", - "https://fight.mitre.org/data%20sources/DS0040" + "https://fight.mitre.org/techniques/FGT5018" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -5558,12 +5556,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5018.001", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, page 210, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] ISO/IEC 27011:(2016 , “Information technology — Security techniques — Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations” - https://www.iso.org/obp/ui/#iso:std:iso-iec:27011:ed-2:v1:en", + "https://fight.mitre.org/data%20sources/FGDS5012", "https://fight.mitre.org/mitigations/FGM5005", "https://fight.mitre.org/mitigations/FGM5540", - "https://fight.mitre.org/data%20sources/FGDS5012" + "https://fight.mitre.org/techniques/FGT5018.001" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5018", @@ -5646,11 +5644,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5018.002", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, page 202, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] El-Shorbagy, A.-moniem. “5G Technology and the Future of Architecture”. Procedia Computer Science, (2021 , volume 182, p121–131. - https://doi.org/10.1016/j.procs.2021.02.017", + "https://fight.mitre.org/data%20sources/DS0040", "https://fight.mitre.org/mitigations/FGM5005", - "https://fight.mitre.org/data%20sources/DS0040" + "https://fight.mitre.org/techniques/FGT5018.002" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5018", @@ -5729,11 +5727,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5018.003", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, page 202, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] ISO/IEC 27011:(2016 , “Information technology — Security techniques — Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations” - https://www.iso.org/obp/ui/#iso:std:iso-iec:27011:ed-2:v1:en", + "https://fight.mitre.org/data%20sources/FGDS5012", "https://fight.mitre.org/mitigations/FGM5005", - "https://fight.mitre.org/data%20sources/FGDS5012" + "https://fight.mitre.org/techniques/FGT5018.003" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5018", @@ -5820,11 +5818,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5018.004", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, page 202, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] Baars, J. “White Paper - Telecom Sites Physical Security”, December 2019, Asentria - https://www.asentria.com/blog/telecom-sites-physical-security-white-paper/.", + "https://fight.mitre.org/data%20sources/FGDS5012", "https://fight.mitre.org/mitigations/FGM5005", - "https://fight.mitre.org/data%20sources/FGDS5012" + "https://fight.mitre.org/techniques/FGT5018.004" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5018", @@ -5946,15 +5944,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.004", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”,  October 2021 - https://arxiv.org/abs/2108.11206", "[3] S. Holtmanns, S. P. Rao, I. Oliver, “User location tracking attacks for LTE networks using the interworking functionality”, 2016 IFIP Networking Conference. - https://ieeexplore.ieee.org/document/7497239", "[4] 3GPP TS 23.502 “Procedures for the 5G System (5GS ” - https://www.3gpp.org/DynaReport/23502.htm", "[5] 3GPP TS 23.273 “5G System (5GS Location Services (LCS ” - https://www.3gpp.org/DynaReport/23273.htm", - "https://fight.mitre.org/mitigations/FGM5023", "https://fight.mitre.org/mitigations/FGM5019", - "https://fight.mitre.org/mitigations/M1037" + "https://fight.mitre.org/mitigations/FGM5023", + "https://fight.mitre.org/mitigations/M1037", + "https://fight.mitre.org/techniques/FGT5012.004" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5012", @@ -6037,15 +6035,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1557.502", "[1] P.Tommassen, “5G Security When Roaming,” iBasis, October 6, 2020 - https://ibasis.com/5g-security-when-roaming/", "[2] “5G System; Public Land Mobile Network (PLMN Interconnection; Stage 3,” 3GPP, TS 29.573 ver.16.9.0, March 2022 - https://www.3gpp.org/DynaReport/29573.htm", "[3] “Security architecture and procedures for 5G System,” 3GPP, TS 33.501 ver. 16.3.0, July 2020, Sec. 13.1.2,13.2 - https://www.3gpp.org/DynaReport/33501.htm", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1037", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1557.502" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1557", @@ -6112,9 +6110,9 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5019", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", - "[2] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1" + "[2] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", + "https://fight.mitre.org/techniques/FGT5019" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -6169,9 +6167,9 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5019.001", "[1] 3GPP TS 23.003: \"Numbering, Addressing and Identification”, Version 17.6.0, Section 2.2B - https://www.3gpp.org/DynaReport/23003.htm", - "https://fight.mitre.org/mitigations/FGM5022" + "https://fight.mitre.org/mitigations/FGM5022", + "https://fight.mitre.org/techniques/FGT5019.001" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5019", @@ -6246,12 +6244,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5019.002", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] 3GPP TS 24.301 “Non-Access-Stratum (NAS protocol for Evolved Packet System (EPS ”; Stage 3 - https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1072", "[3] 3GPP TS 23.003: \"Numbering, Addressing and Identification”, Version 17.6.0, Section 2.2B - https://www.3gpp.org/DynaReport/23003.htm", + "https://fight.mitre.org/data%20sources/FGDS5010", "https://fight.mitre.org/mitigations/FGM5006", - "https://fight.mitre.org/data%20sources/FGDS5010" + "https://fight.mitre.org/techniques/FGT5019.002" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT5019", @@ -6326,11 +6324,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.001", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] X. Hu et.al. “A Systematic Analysis Method for 5G Non-Access Stratum Signaling Security”, IEEE Access, August 2019. - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957", "https://fight.mitre.org/mitigations/FGM5098", - "https://fight.mitre.org/mitigations/FGM5099" + "https://fight.mitre.org/mitigations/FGM5099", + "https://fight.mitre.org/techniques/FGT5012.001" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5012", @@ -6420,12 +6418,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.002", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", + "https://fight.mitre.org/data%20sources/FGDS5010", "https://fight.mitre.org/mitigations/FGM5006", "https://fight.mitre.org/mitigations/FGM5096", "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/data%20sources/FGDS5010" + "https://fight.mitre.org/techniques/FGT5012.002" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5012", @@ -6549,7 +6547,6 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1040.501", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] Hu, X. et al: “A Systematic Analysis Method for 5G Non-Access Stratum Signalling Security”, August 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957", "[3] 3GPP TS33.501 “Security architecture and procedures for 5G System”. - https://www.3gpp.org/DynaReport/33501.htm", @@ -6557,10 +6554,11 @@ "[5] ACM article, : “Improving 4G/5G air interface security: A survey of existing attacks on different LTE layers”. - https://dl.acm.org/doi/abs/10.1016/j.comnet.2021.108532", "[6] ACM article, Katharina Kohls et al: “Lost traffic encryption: fingerprinting LTE/4G traffic on layer two”. - https://dl.acm.org/doi/10.1145/3317549.3323416", "[7] L. Zhai et al: “Identify What You are Doing: Smartphone Apps Fingerprinting on Cellular Network Traffic”. - https://ieeexplore.ieee.org/document/9631415", + "https://fight.mitre.org/data%20sources/FGDS5010", "https://fight.mitre.org/mitigations/FGM5006", - "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/FGM5517", - "https://fight.mitre.org/data%20sources/FGDS5010" + "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/techniques/FGT1040.501" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT1040", @@ -6653,11 +6651,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1557.501", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, section 4.4, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] Hu, X. et al: “A Systematic Analysis Method for 5G Non-Access Stratum Signalling Security”, August 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957", "[3] 3rd Generation Partnership Project (3GPP TR 33.809: “Study on 5G security enhancements against False Base Stations (FBS ”, Technical Report, v0.18.0, February 2022. - https://www.3gpp.org/DynaReport/33809.htm", - "https://fight.mitre.org/data%20sources/FGDS5002" + "https://fight.mitre.org/data%20sources/FGDS5002", + "https://fight.mitre.org/techniques/FGT1557.501" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT1557", @@ -6732,12 +6730,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1499.501", "[1] Android devices ensnared in DDoS botnet, Feb. 2021 - https://www.zdnet.com/article/android-devices-ensnared-in-ddos-botnet/", "[2] Massive Android DDoS Botnet Derailed, Aug. 2017 - https://www.darkreading.com/attacks-breaches/massive-android-ddos-botnet-derailed", + "https://fight.mitre.org/data%20sources/FGDS5006", "https://fight.mitre.org/mitigations/FGM5007", "https://fight.mitre.org/mitigations/FGM5008", - "https://fight.mitre.org/data%20sources/FGDS5006" + "https://fight.mitre.org/techniques/FGT1499.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1499", @@ -6815,9 +6813,9 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1499.502", + "https://fight.mitre.org/data%20sources/FGDS5011", "https://fight.mitre.org/mitigations/FGM5093", - "https://fight.mitre.org/data%20sources/FGDS5011" + "https://fight.mitre.org/techniques/FGT1499.502" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1499", @@ -6891,13 +6889,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5022", "[1] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", "[2] S. Holtmanns, I. Oliver and Y. Miche, “Mobile Subscriber Profile Data Privacy Breach via 4G Diameter Interconnection”, 2017. - https://www.riverpublishers.com/journal_read_html_article.php?j=JICTS/6/3/4", "[3] 3GPP TS 23.502, “Procedures for the 5G System (5GS ; Stage 2 (Release 17 ”, Technical Specification, v17.4.0, March 2022. section 4.11.1.2.2 - https://www.3gpp.org/DynaReport/23502.htm", "[4] 3GPP TS 29.503, “5G System; Unified Data Management Services; Stage 3” - https://www.3gpp.org/DynaReport/29503.htm", + "https://fight.mitre.org/data%20sources/FGDS5011", "https://fight.mitre.org/mitigations/FGM5020", - "https://fight.mitre.org/data%20sources/FGDS5011" + "https://fight.mitre.org/techniques/FGT5022" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -6978,11 +6976,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5027", "[1] AdaptiveMobile Security, \"A Slice in Time: Slicing Security in 5G Core Networks\", 17032021-v1.00 - https://info.adaptivemobile.com/network-slicing-security", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5003", "https://fight.mitre.org/mitigations/M1020", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5027" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -7059,12 +7057,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5028", "[1] AdaptiveMobile Security, \"A Slice in Time: Slicing Security in 5G Core Networks\", 17032021-v1.00. - https://info.adaptivemobile.com/network-slicing-security", "[2] 3rd Generation Partnership Project (3GPP TS 29.510, “; Network function repository services; Stage 3”, v17.4.0, Dec 2021. - https://www.3gpp.org/DynaReport/29510.htm", "[3] 3GPP TS 23.502 “Procedures for the 5G System (5GS ; Stage 2” - https://www.3gpp.org/DynaReport/23502.htm", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5499", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5028" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -7126,12 +7124,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5025", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, November 2019. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", - "https://fight.mitre.org/mitigations/FGM5503", "https://fight.mitre.org/data%20sources/FGDS5006", - "https://fight.mitre.org/data%20sources/FGDS5011" + "https://fight.mitre.org/data%20sources/FGDS5011", + "https://fight.mitre.org/mitigations/FGM5503", + "https://fight.mitre.org/techniques/FGT5025" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -7205,11 +7203,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5026", "[1] Martin Brisfors, Sebastian Forsmark, Elena Dubrova: “How Deep Learning Helps Compromising USIM” - https://dl.acm.org/doi/abs/10.1007/978-3-030-68487-7_9", "[2] Jinghao Zhao, Boyan Ding, Yunqi Guo, Zhaowei Tan, Songwu Lu, “SecureSIM: Rethinking Authentication and Access Control for SIM/eSIM” - https://dl.acm.org/doi/pdf/10.1145/3447993.3483254", + "https://fight.mitre.org/data%20sources/FGDS5005", "https://fight.mitre.org/mitigations/M1017", - "https://fight.mitre.org/data%20sources/FGDS5005" + "https://fight.mitre.org/techniques/FGT5026" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -7301,13 +7299,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1557.503", "[1] 3GPP TR 33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”. - https://www.3gpp.org/DynaReport/33926.htm", "[2] 3GPP TS 33.501 “Security architecture and procedures for 5G System”. - https://www.3gpp.org/DynaReport/33501.htm", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1557.503" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1557", @@ -7513,28 +7511,23 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1565.002", - "[1] O-RAN Threat Model 6.00 version - https://orandownloadsweb.azurewebsites.net/specifications", - "[2] O-RAN WG4 Control, User, and Synchronization Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", - "[3] O-RAN WG4 Management Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", - "[1] D. Rupprecht, K. Kohls, T. Holtz, and C. Popper, “Breaking LTE on Layer Two” https://alter-attack.net - https://www.gsma.com/security/wp-content/uploads/2023/10/0008-breaking_lte_on_layer_two.pdf", - "[1] 3GPP TR33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes.” - https://www.3gpp.org/DynaReport/33926.htm", - "[2] 3GPP TS33.501 “Security architecture and procedures for 5G System.” - https://www.3gpp.org/DynaReport/33501.htm", - "[3] 3GPP TS 23.501 “System architecture for the 5G System (5GS ” - https://www.3gpp.org/DynaReport/23501.htm", - "[4] 3GPP TS 23.502 “Procedures for the 5G System (5GS ” - https://www.3gpp.org/DynaReport/23502.htm", "[1] 3GPP TR 33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”. - https://www.3gpp.org/DynaReport/33926.htm", + "[1] 3GPP TR33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes.” - https://www.3gpp.org/DynaReport/33926.htm", + "[1] D. Rupprecht, K. Kohls, T. Holtz, and C. Popper, “Breaking LTE on Layer Two” https://alter-attack.net - https://www.gsma.com/security/wp-content/uploads/2023/10/0008-breaking_lte_on_layer_two.pdf", + "[1] O-RAN Threat Model 6.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[2] 3GPP TS 33.501 “Security architecture and procedures for 5G System”. - https://www.3gpp.org/DynaReport/33501.htm", + "[2] 3GPP TS33.501 “Security architecture and procedures for 5G System.” - https://www.3gpp.org/DynaReport/33501.htm", + "[2] O-RAN WG4 Control, User, and Synchronization Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", + "[3] 3GPP TS 23.501 “System architecture for the 5G System (5GS ” - https://www.3gpp.org/DynaReport/23501.htm", "[3] D. Rupprecht, K. Kohls, T. Holtz, and C. Popper, “Breaking LTE on Layer two”, in Proc. IEEE Symposium on Security and Privacy (SP , 2019, pp. 1-16. - https://alter-attack.net/media/breaking_lte_on_layer_two.pdf", - "https://fight.mitre.org/mitigations/FGM5024", - "https://fight.mitre.org/mitigations/FGM5024", - "https://fight.mitre.org/mitigations/M1020", - "https://fight.mitre.org/mitigations/FGM5024", - "https://fight.mitre.org/mitigations/FGM5024", - "https://fight.mitre.org/data%20sources/FGDS5022", - "https://fight.mitre.org/data%20sources/DS0029", + "[3] O-RAN WG4 Management Plane Specification 12.00 version - https://orandownloadsweb.azurewebsites.net/specifications", + "[4] 3GPP TS 23.502 “Procedures for the 5G System (5GS ” - https://www.3gpp.org/DynaReport/23502.htm", "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/data%20sources/FGDS5011", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/data%20sources/FGDS5022", + "https://fight.mitre.org/mitigations/FGM5024", + "https://fight.mitre.org/mitigations/M1020", + "https://fight.mitre.org/techniques/FGT1565.002" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1565", @@ -7621,10 +7614,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] S.P. Rao, S. Holtmanns, T. Aura: “Threat modeling framework for mobile communication systems”, May 2020 - https://arxiv.org/abs/2005.05110v1", - "[3] S. Tomasin, Stefano & Centenaro, Marco & Seco-Granados, Gonzalo & Roth, Stefan & Sezgin, Aydin. (2021 . Location-Privacy Leakage and Integrated Solutions for 5G Cellular Networks and Beyond. Sensors. 21. 5176. 10.3390/s21155176. - https://www.researchgate.net/publication/353641837_Location-Privacy_Leakage_and_Integrated_Solutions_for_5G_Cellular_Networks_and_Beyond" + "[3] S. Tomasin, Stefano & Centenaro, Marco & Seco-Granados, Gonzalo & Roth, Stefan & Sezgin, Aydin. (2021 . Location-Privacy Leakage and Integrated Solutions for 5G Cellular Networks and Beyond. Sensors. 21. 5176. 10.3390/s21155176. - https://www.researchgate.net/publication/353641837_Location-Privacy_Leakage_and_Integrated_Solutions_for_5G_Cellular_Networks_and_Beyond", + "https://fight.mitre.org/techniques/FGT5012" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -7686,10 +7679,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.005", "[1] AdaptiveMobile Security, \"A Slice in Time: Slicing Security in 5G Core Networks\", 17032021-v1.00, March 2021. - https://info.adaptivemobile.com/network-slicing-security", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5012", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5012.005" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5012", @@ -7769,7 +7762,6 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1557.504", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] 3rd Generation Partnership Project (3GPP TS 33.117, “Catalogue of general security assurance requirements (Release 17 ”, v17.0.0, June 2021. - https://www.3gpp.org/DynaReport/33117.htm", "[3] 3GPP TS 33.310 “Network Domain Security (NDS ; Authentication Framework (AF ” - https://www.3gpp.org/DynaReport/33310.htm", @@ -7778,7 +7770,8 @@ "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/FGM5095", "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/mitigations/M1047" + "https://fight.mitre.org/mitigations/M1047", + "https://fight.mitre.org/techniques/FGT1557.504" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1557", @@ -7915,14 +7908,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1499.503", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] Hu, X. et al: “A Systematic Analysis Method for 5G Non-Access Stratum Signalling Security”, August 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957", "[3] 3rd Generation Partnership Project (3GPP TR 33.926: “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”, Technical Report, v17.3.0, December. 2021. - https://www.3gpp.org/DynaReport/33926.htm", "[4] 3rd Generation Partnership Project (3GPP TS 33.501: “Security architecture and procedures for 5G System”, Technical Specification, v17.6.0, June 2022 - https://www.3gpp.org/DynaReport/33501.htm", + "https://fight.mitre.org/data%20sources/FGDS5011", "https://fight.mitre.org/mitigations/FGM5023", "https://fight.mitre.org/mitigations/M1030", - "https://fight.mitre.org/data%20sources/FGDS5011" + "https://fight.mitre.org/techniques/FGT1499.503" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1499", @@ -8015,10 +8008,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5020", "[1] 3rd Generation Partnership Project (3GPP 23.502 “Procedures for the 5G System (5GS ”, March 2022. - https://www.3gpp.org/DynaReport/23502.htm", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5033", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5020" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -8092,7 +8085,6 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5023", "[1] 3rd Generation Partnership Project (3GPP TR 33.926: “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”, Technical Report, v17.3.0, December. 2021 - https://www.3gpp.org/DynaReport/33926.htm", "[2] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[3] 3GPP TS 32.255 “Telecommunication management; Charging management; 5G data connectivity domain charging; Stage 2” - https://www.3gpp.org/DynaReport/32255.htm", @@ -8100,9 +8092,10 @@ "[5] 3GPP TS 23.503 “Policy and charging control framework for the 5G System (5GS ; Stage 2” - https://www.3gpp.org/DynaReport/23503.htm", "[6] 3GPP TS 29.522 “5G System; Network Exposure Function Northbound APIs; Stage 3” - https://www.3gpp.org/DynaReport/29522.htm", "[7] 3GPP TS 29.122 “T8 reference point for Northbound APIs” - https://www.3gpp.org/DynaReport/29122.htm", + "https://fight.mitre.org/data%20sources/FGDS5003", "https://fight.mitre.org/mitigations/FGM5023", "https://fight.mitre.org/mitigations/FGM5094", - "https://fight.mitre.org/data%20sources/FGDS5003" + "https://fight.mitre.org/techniques/FGT5023" ], "status": "This is a theoretical behavior", "typecode": "fight_technique" @@ -8191,7 +8184,6 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1195.501", "[1] GSMA FS.28 “Security Guidelines for Exchange of UICC Credentials”, Version 1.0, November 2020. - https://www.gsma.com/security/resources/fs-28-security-guidelines-for-exchange-of-uicc-credentials/", "[2] Gemalto article on SIM credential threat: “GEMALTO PRESENTS THE FINDINGS OF ITS INVESTIGATIONS INTO THE ALLEGED HACKING OF SIM CARD ENCRYPTION KEYS BY BRITAIN'S GOVERNMENT COMMUNICATIONS HEADQUARTERS (GCHQ AND THE U.S. NATIONAL SECURITY AGENCY (NSA ”. - https://www.thalesgroup.com/en/markets/digital-identity-and-security/press-release/gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-sim-card-encryption-keys", "[3] BBC article: “US and UK accused of hacking Sim card firm to steal codes“. - https://www.bbc.com/news/technology-31545050", @@ -8200,7 +8192,8 @@ "https://fight.mitre.org/mitigations/M1017", "https://fight.mitre.org/mitigations/M1022", "https://fight.mitre.org/mitigations/M1030", - "https://fight.mitre.org/mitigations/M1041" + "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/techniques/FGT1195.501" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT1195", @@ -8274,10 +8267,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5001", "[1] Dynamic Ciso.com “New Malware Discovered by FireEye APT41, Infects SMS Servers Within Telecoms”, Nov 1, 2019, retrieved March 4, 2022. - https://dynamicciso.com/new-malware-discovered-by-fireeye-apt41infects-sms-servers-within-telecoms", "[2] Leong, Raymond, Perez, Dan & Dean, Tyler, “MESSAGETAP: Who’s Reading Your Text Messages” FireEye. 31 Oct 2019. - https://www.mandiant.com/resources/messagetap-who-is-reading-your-text-messages", - "https://fight.mitre.org/mitigations/M1049" + "https://fight.mitre.org/mitigations/M1049", + "https://fight.mitre.org/techniques/FGT5001" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "typecode": "fight_technique" @@ -8343,10 +8336,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5017", "[1] 3GPP TS 32.291 “Charging management; 5G system, charging service; Stage 3” - https://www.3gpp.org/DynaReport/32291.htm", + "https://fight.mitre.org/data%20sources/FGDS5012", "https://fight.mitre.org/mitigations/FGM5089", - "https://fight.mitre.org/data%20sources/FGDS5012" + "https://fight.mitre.org/techniques/FGT5017" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -8409,10 +8402,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.006", "[1] X. Hu et.al. “A Systematic Analysis Method for 5G Non-Access Stratum Signalling Security”, IEEE Access, August 2019. - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957", "[2] 3rd Generation Partnership Project (3GPP TR 33.809: “Study on 5G security enhancements against False Base Stations (FBS ”, Technical Report, v0.18.0, February 2022. - https://www.3gpp.org/DynaReport/33809.htm", - "https://fight.mitre.org/data%20sources/FGDS5002" + "https://fight.mitre.org/data%20sources/FGDS5002", + "https://fight.mitre.org/techniques/FGT5012.006" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5012", @@ -8500,12 +8493,12 @@ "object-type": "technique", "platforms": "O-RAN", "refs": [ - "https://fight.mitre.org/techniques/FGT5032.001", "[1] O-RAN.WG3.RICARCH-R003-v04.00 - https://orandownloadsweb.azurewebsites.net/specifications", "[2] O-RAN.WG2.Non-RT-RIC-ARCH-R003-v03.00 - https://orandownloadsweb.azurewebsites.net/specifications", "[3] O-RAN.WG2.Non-RT-RIC-ARCH-TR-v01.01 - https://orandownloadsweb.azurewebsites.net/specifications", "[4] O-RAN.WG11.Threat-Model.O-R003-v06.00 - https://orandownloadsweb.azurewebsites.net/specifications", - "[5] Federal Office of information Security, Study 5G RAN Risk Analysis - https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/5G/5GRAN-Risk-Analysis.pdf?__blob=publicationFile&v=5" + "[5] Federal Office of information Security, Study 5G RAN Risk Analysis - https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/5G/5GRAN-Risk-Analysis.pdf?__blob=publicationFile&v=5", + "https://fight.mitre.org/techniques/FGT5032.001" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5032", @@ -8631,19 +8624,19 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5032.002", "[1] O-RAN Security Threat Model 6.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[2] O-RAN WG3 Near-RT RIC Architecture 4.00 Version - https://orandownloadsweb.azurewebsites.net/specifications", "[3] Federal Office of information Security, Study 5G RAN Risk Analysis - https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/5G/5GRAN-Risk-Analysis.pdf?__blob=publicationFile&v=5", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0022", + "https://fight.mitre.org/data%20sources/DS0025", + "https://fight.mitre.org/data%20sources/FGDS5015", + "https://fight.mitre.org/mitigations/M1025", "https://fight.mitre.org/mitigations/M1033", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1043", "https://fight.mitre.org/mitigations/M1045", - "https://fight.mitre.org/mitigations/M1025", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0022", - "https://fight.mitre.org/data%20sources/DS0025", - "https://fight.mitre.org/data%20sources/FGDS5015" + "https://fight.mitre.org/techniques/FGT5032.002" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5032", @@ -8805,20 +8798,20 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5032.003", "[1] O-RAN WG11 Threat Model O-R003-v06.00 - https://orandownloadsweb.azurewebsites.net/specifications", "[2] O-RAN WG2 Non-RT RIC Architecture 3.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[3] O-RAN WG2 Non-RT RIC Technical Report 1.01 version - https://orandownloadsweb.azurewebsites.net/specifications", "[4] Federal Office of information Security, Study 5G RAN Risk Analysis - https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/5G/5GRAN-Risk-Analysis.pdf?__blob=publicationFile&v=5", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0022", + "https://fight.mitre.org/data%20sources/DS0025", + "https://fight.mitre.org/data%20sources/FGDS5015", + "https://fight.mitre.org/mitigations/M1025", "https://fight.mitre.org/mitigations/M1033", "https://fight.mitre.org/mitigations/M1035", "https://fight.mitre.org/mitigations/M1043", "https://fight.mitre.org/mitigations/M1045", - "https://fight.mitre.org/mitigations/M1025", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0022", - "https://fight.mitre.org/data%20sources/DS0025", - "https://fight.mitre.org/data%20sources/FGDS5015" + "https://fight.mitre.org/techniques/FGT5032.003" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5032", @@ -8926,10 +8919,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5019.003", "[1] 3rd Generation Partnership Project (3GPP TS 23.502, “Procedures for the 5G System (5GS ; Stage 2 (Release 17 ”, v17.4.0, March 2022. - https://www.3gpp.org/DynaReport/23502.htm", + "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/mitigations/FGM5019", - "https://fight.mitre.org/data%20sources/DS0015" + "https://fight.mitre.org/techniques/FGT5019.003" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5019", @@ -9027,15 +9020,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1572", "[1] “Bhadhra Framework”: S.P. Rao, S. Holtmanns, T. Aura, “Threat modeling framework for mobile communication systems” - https://arxiv.org/pdf/2005.05110.pdf", "[2] Peng, C., Li, C., Tu, G., Lu, S., & Zhang, L. (2012 . Mobile data charging: new attacks and countermeasures. Proceedings of the 2012 ACM conference on Computer and communications security. - https://dl.acm.org/doi/pdf/10.1145/2382196.2382220", "[3] Merve Sahin, Aurelien Francillon, Payas Gupta, and Mustaque Ahamad. 2017. \n“Sok: Fraud in telephony networks”. In 2017 IEEE European Symposium on Security\nand Privacy (EuroS&P . IEEE, p235–250 - https://ieeexplore.ieee.org/document/7961983", "[4] Kui Xu, Patrick Butler, Sudip Saha, Danfeng (Daphni Yao in DNS CC Journal, “DNS for Massive-Scale Command and Control” - https://people.cs.vt.edu/~danfeng/papers/DNS-CC-JOURNAL.pdf", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1037", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1572" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -9088,14 +9081,14 @@ "object-type": "technique", "platforms": "5G radio", "refs": [ - "https://fight.mitre.org/techniques/FGT1583.501", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] 3rd Generation Partnership Project (3GPP TR 33.809: “Study on 5G security enhancements against False Base Stations (FBS ”, Technical Report, v0.18.0, February 2022. - https://www.3gpp.org/DynaReport/33809.htm", "[3] Cablelabs article “False Base Station or IMSI Catcher: What You Need to Know” - https://www.cablelabs.com/blog/false-base-station-or-imsi-catcher-what-you-need-to-know", "[4] Open source O-RAN 5G CU/DU solution from Software Radio Systems (SRS - https://github.com/srsran/srsRAN_Project", "[5] Open Air Interface project source code - https://gitlab.eurecom.fr/oai/openairinterface5g/", + "https://fight.mitre.org/data%20sources/FGDS5002", "https://fight.mitre.org/mitigations/M1056", - "https://fight.mitre.org/data%20sources/FGDS5002" + "https://fight.mitre.org/techniques/FGT1583.501" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT1583", @@ -9185,10 +9178,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5009", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5009" ], "status": "This is a theoretical behavior", "typecode": "fight_technique" @@ -9298,17 +9291,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5009.001", "[1] 3GPP TR 33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”, v17.4.0, June 2022 - https://www.3gpp.org/DynaReport/33926.htm", "[2] 3GPP TS 33.501 “Security architecture and procedures for 5G System”, v 17.6.0, June 2022 - https://www.3gpp.org/DynaReport/33501.htm", "[3] 3GPP TS 23.502 “Procedures for the 5G System (5GS ”, v17.5.0, June 2022 - https://www.3gpp.org/DynaReport/23502.htm", - "https://fight.mitre.org/mitigations/FGM5024", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5006", + "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1043", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5009.001" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT5009", @@ -9409,14 +9402,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1190", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", "[3] TOP 7 REST API Security Threats, blog January 2019 - https://blog.restcase.com/top-7-rest-api-security-threats/", "[4] 3GPP TS 29.522: “Network Exposure Function Northbound APIs; Stage 3” - https://www.3gpp.org/DynaReport/29522.htm", "[5] “System architecture for the 5G System (5GS ,”TS 23.501, 3GPP, Sec. 4.2.3 - https://www.3gpp.org/DynaReport/23501.htm", "https://fight.mitre.org/mitigations/M1016", - "https://fight.mitre.org/mitigations/M1050" + "https://fight.mitre.org/mitigations/M1050", + "https://fight.mitre.org/techniques/FGT1190" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -9560,23 +9553,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1499", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", "[3] TOP 7 REST API Security Threats, blog January 2019 - https://blog.restcase.com/top-7-rest-api-security-threats/", - "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", - "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", - "[3] TOP 7 REST API Security Threats, blog January 2019 - https://blog.restcase.com/top-7-rest-api-security-threats/", - "https://fight.mitre.org/mitigations/M1016", - "https://fight.mitre.org/mitigations/M1037", - "https://fight.mitre.org/mitigations/M1050", - "https://fight.mitre.org/mitigations/M1016", - "https://fight.mitre.org/mitigations/M1037", - "https://fight.mitre.org/mitigations/M1050", "https://fight.mitre.org/data%20sources/DS0015", "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/mitigations/M1016", + "https://fight.mitre.org/mitigations/M1037", + "https://fight.mitre.org/mitigations/M1050", + "https://fight.mitre.org/techniques/FGT1499" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -9652,14 +9637,14 @@ "object-type": "technique", "platforms": "RAN, RAN", "refs": [ - "https://fight.mitre.org/techniques/FGT1588", + "[1] Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. “IMSI-catch me if you can: IMSI-catcher-catchers”. Proceedings of the 30th annual computer security applications Conference, pages 246–255, 2014. - https://its-wiki.no/images/f/fb/Dabrowski_ISMI_Catch_me_Catchers.pdf", "[1] SMS Deliverer, “PING/Silent SMS”. - https://www.smsdeliverer.com/onlinehelp/interface/pingsms/", "[2] Information Security Newspaper, “How to hack and track anybody’s phone location via silent SMS messages”. - https://www.securitynewspaper.com/2023/06/20/how-to-hack-track-anybodys-phone-location-via-silent-sms-messages/", - "[1] Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. “IMSI-catch me if you can: IMSI-catcher-catchers”. Proceedings of the 30th annual computer security applications Conference, pages 246–255, 2014. - https://its-wiki.no/images/f/fb/Dabrowski_ISMI_Catch_me_Catchers.pdf", "[2] Ravishankar Borgaonkar, Altaf Shaik, “5G IMSI Catchers Mirage”, Blackhat USA Conference 2021. - https://blackhat.com/us-21/briefings/schedule/#g-imsi-catchers-mirage-23538", "[3] “HOW COPS CAN SECRETLY TRACK YOUR PHONE”, The Intercept, online article, July 31, 2021. Accessed 6/22/2022. - https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/", "[4] A Knight, Brier & Thorn, “Hacking GSM: Building a Rogue Base Station to Hack Cellular Devices,” Online Article. Accessed 6/22/2022. - https://www.brierandthorn.com/post/hacking-gsm-building-a-rogue-base-station-to-hack-cellular-devices", - "https://fight.mitre.org/mitigations/M1056" + "https://fight.mitre.org/mitigations/M1056", + "https://fight.mitre.org/techniques/FGT1588" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -9698,9 +9683,9 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1583.502", "[1] Hu, X. et al: “A Systematic Analysis Method for 5G Non-Access Stratum Signalling Security”, August 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957", - "[2] Ericsson: “Detecting false base stations in mobile networks” - https://www.ericsson.com/en/blog/2018/6/detecting-false-base-stations-in-mobile-networks" + "[2] Ericsson: “Detecting false base stations in mobile networks” - https://www.ericsson.com/en/blog/2018/6/detecting-false-base-stations-in-mobile-networks", + "https://fight.mitre.org/techniques/FGT1583.502" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1583", @@ -9746,10 +9731,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1608.501", "[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks", "[2] 3rd Generation Partnership Project (3GPP TR 33.809: “Study on 5G security enhancements against False Base Stations (FBS ”, Technical Report, v0.18.0, February 2022. - https://www.3gpp.org/DynaReport/33809.htm", - "https://fight.mitre.org/data%20sources/FGDS5002" + "https://fight.mitre.org/data%20sources/FGDS5002", + "https://fight.mitre.org/techniques/FGT1608.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1608", @@ -9826,17 +9811,17 @@ "object-type": "technique", "platforms": "Slice, CSP", "refs": [ - "https://fight.mitre.org/techniques/FGT1498.502", "[1] ETSI NFV SEC026 Isolation and trust domain specification, section 4.2.3, Accessed 6/27/2022 - https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC026_Isolation_and_trust_domain", "[2] GSMA Official Document NG.126 - Cloud Infrastructure Reference Model_NG.126-v1.0-2, Accessed 6/27/2022 - https://www.gsma.com/newsroom/wp-content/uploads//NG.126-v1.0-2.pdf", "[3] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”,  October 2021 - https://arxiv.org/abs/2108.11206", "[4] NGMN: \n5G Security Recommendation Package #2 Network Slicing, Accessed 6/27/2022 - https://www.ngmn.org/publications/5g-security-recommendations-package-2-network-slicing.html", - "https://fight.mitre.org/mitigations/FGM5005", - "https://fight.mitre.org/mitigations/M1030", - "https://fight.mitre.org/mitigations/FGM5518", "https://fight.mitre.org/data%20sources/DS0013", "https://fight.mitre.org/data%20sources/FGDS5012", - "https://fight.mitre.org/data%20sources/FGDS5023" + "https://fight.mitre.org/data%20sources/FGDS5023", + "https://fight.mitre.org/mitigations/FGM5005", + "https://fight.mitre.org/mitigations/FGM5518", + "https://fight.mitre.org/mitigations/M1030", + "https://fight.mitre.org/techniques/FGT1498.502" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1498", @@ -9923,11 +9908,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1048.003", "[1] “Bhadra framework”: S.P. Rao, S. Holtmanns, T. Aura, “Threat modeling framework for mobile communication systems,” Retrieved April 28, 2022 - https://arxiv.org/pdf/2005.05110.pdf", - "https://fight.mitre.org/mitigations/M1037", "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/mitigations/M1037", + "https://fight.mitre.org/techniques/FGT1048.003" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1048", @@ -10002,10 +9987,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1048", "[1] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1037", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1048" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -10068,13 +10053,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1583", "[1] S. Sahoo, S. K. Mishra, B. Sahoo & A. K. Turuk, “Co-resident Attack in Cloud Computing: An Overview”, Encyclopedia of Big Data Technologies, March 2018 - https://link.springer.com/content/pdf/10.1007%2F978-3-319-63962-8_322-1.pdf", "[2] T. Ristenpart, E. Tromer, H. Shacham, S. Savage, “Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds”, In CCS '09: Proceedings of the 16th ACM conference on Computer and communications security, November 2009 Pages 199–212 - https://dl.acm.org/doi/10.1145/1653662.1653687", "https://fight.mitre.org/mitigations/FGM5504", "https://fight.mitre.org/mitigations/FGM5505", "https://fight.mitre.org/mitigations/M1030", - "https://fight.mitre.org/mitigations/M1041" + "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/techniques/FGT1583" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -10218,17 +10203,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5009.002", "[1] 3GPP TR33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes.” - https://www.3gpp.org/DynaReport/33926.htm", "[2] 3GPP TS33.501 “Security architecture and procedures for 5G System.” - https://www.3gpp.org/DynaReport/33501.htm", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1043", "https://fight.mitre.org/mitigations/M1046", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5009.002" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT5009", @@ -10385,17 +10370,17 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1600.502", "[1] 3GPP TR 33.926 “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes”. - https://www.3gpp.org/DynaReport/33926.htm", "[2] 3GPP TS 33.501 “Security architecture and procedures for 5G System”. - https://www.3gpp.org/DynaReport/33501.htm", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1043", "https://fight.mitre.org/mitigations/M1046", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1600.502" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1600", @@ -10509,13 +10494,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1195.502", "[1] 3GPP TS 23.501 “System architecture for the 5G System (5GS ; Stage 2 (Release 17 ” - https://www.3gpp.org/DynaReport/23501.htm", "[2] 3GPP TS 23.558: “\nArchitecture for enabling Edge Applications” - https://www.3gpp.org/DynaReport/23558.htm", "[3] 3GPP TS 23.548: “5G System Enhancements for Edge Computing; Stage 2” - https://www.3gpp.org/DynaReport/23548.htm", "[4] ETSI, White Paper No. 28, “MEC in 5G networks” - https://www.etsi.org/images/files/ETSIWhitePapers/etsi_wp28_mec_in_5G_FINAL.pdf", + "https://fight.mitre.org/mitigations/FGM5519", "https://fight.mitre.org/mitigations/M0817", - "https://fight.mitre.org/mitigations/FGM5519" + "https://fight.mitre.org/techniques/FGT1195.502" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1195", @@ -10609,13 +10594,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5019.004", "[1] 3GPP TS 33.501 \" Security architecture and procedures for 5G system” - https://www.3gpp.org/DynaReport/33501.htm", - "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/mitigations/FGM5514", "https://fight.mitre.org/data%20sources/FGDS5017", "https://fight.mitre.org/data%20sources/FGDS5018", - "https://fight.mitre.org/data%20sources/FGDS5019" + "https://fight.mitre.org/data%20sources/FGDS5019", + "https://fight.mitre.org/mitigations/FGM5514", + "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/techniques/FGT5019.004" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT5019", @@ -10727,18 +10712,18 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5029", "[1] “5G Security Assurance Specification (SCAS for the Security Edge Protection Proxy (SEPP network product class,“ TS 33.517 ver. 17.0.0, 3rd Generation Partnership Project (3GPP , Sec. 4.2.3.3-4.4, Jun. 2021 - https://www.3gpp.org/DynaReport/33517.htm", "[2] R. Pell, S. Moschoyiannis, E. Panaousis, R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK”, October 2021 - https://arxiv.org/abs/2108.11206", "[3] “Security Edge Protection Proxy (SEPP ,” Broadforward, Amersfoort, Netherlands, Accessed: May 17, 2022 - https://www.broadforward.com/security-edge-protection-proxy/", "[4] “Security Assurance Specification (SCAS threats and critical assets in 3GPP network product classes,“ TR 33.926, 3GPP, Sec. 5.3.7.2. - https://www.3gpp.org/DynaReport/33926.htm", "[5] “System architecture for the 5G System (5GS ,”TS 23.501, 3GPP, Sec. 4.2.8.2, 4.3.1, 4.3.2 - https://www.3gpp.org/DynaReport/23501.htm", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0028", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5010", "https://fight.mitre.org/mitigations/M1050", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0028", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5029" ], "status": "This is a theoretical behavior in context of 5G systems.", "typecode": "fight_technique" @@ -10800,8 +10785,8 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1203.501", - "[1] M.Grassi & X. Chen, “Over The Air Baseband Exploit: Gaining Remote\nCode Execution on 5G Smartphones,” retrieved May 16, 2023 - https://dl.acm.org/doi/abs/10.1145/3395351.3399360" + "[1] M.Grassi & X. Chen, “Over The Air Baseband Exploit: Gaining Remote\nCode Execution on 5G Smartphones,” retrieved May 16, 2023 - https://dl.acm.org/doi/abs/10.1145/3395351.3399360", + "https://fight.mitre.org/techniques/FGT1203.501" ], "status": "This a 5G relevant behavior that has been demonstrated in a successful proof of concept", "subtechnique-of": "FGT1203", @@ -10838,8 +10823,8 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1203.502", - "[1] Imtiaz Karim, Fabrizio Cicala, Syed Rafiul Hussain, Omar Chowdhury, and Elisa Bertino. 2020. ATFuzzer: Dynamic Analysis Framework of AT Interface for Android Smartphones. Digital Threats 1, 4, Article 23 (December 2020 - https://dl.acm.org/doi/10.1145/3416125" + "[1] Imtiaz Karim, Fabrizio Cicala, Syed Rafiul Hussain, Omar Chowdhury, and Elisa Bertino. 2020. ATFuzzer: Dynamic Analysis Framework of AT Interface for Android Smartphones. Digital Threats 1, 4, Article 23 (December 2020 - https://dl.acm.org/doi/10.1145/3416125", + "https://fight.mitre.org/techniques/FGT1203.502" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1203", @@ -10891,10 +10876,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1587.004", "[1] M.Grassi and X. Chen, “Over The Air Baseband Exploit: Gaining Remote\nCode Execution on 5G Smartphones, Retrieved May 16, 2023 - https://keenlab.tencent.com/zh/whitepapers/us-21-Over-The-Air-Baseband-Exploit-Gaining-Remote-Code-Execution-on-5G-Smartphones-wp.pdf", "[2] I.Karim, F.Cicala, et.al.,“ATFuzzer: Dynamic Analysis Framework of AT Interface\nfor Android Smartphones,” Retrieved May 16, 2023 - https://dl.acm.org/doi/pdf/10.1145/3416125", - "https://fight.mitre.org/data%20sources/DS0008" + "https://fight.mitre.org/data%20sources/DS0008", + "https://fight.mitre.org/techniques/FGT1587.004" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1587", @@ -10935,9 +10920,9 @@ "object-type": "technique", "platforms": "5G", "refs": [ - "https://fight.mitre.org/techniques/FGT1587.501", "[1] M.Grassi and X. Chen, “Over The Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones”, Retrieved May 16, 2023. - https://keenlab.tencent.com/zh/whitepapers/us-21-Over-The-Air-Baseband-Exploit-Gaining-Remote-Code-Execution-on-5G-Smartphones-wp.pdf", - "https://fight.mitre.org/mitigations/M1056" + "https://fight.mitre.org/mitigations/M1056", + "https://fight.mitre.org/techniques/FGT1587.501" ], "status": "This a 5G relevant behavior that has been demonstrated in a successful proof of concept", "subtechnique-of": "FGT1587", @@ -10984,11 +10969,11 @@ "object-type": "technique", "platforms": "5G", "refs": [ - "https://fight.mitre.org/techniques/FGT1583.508", "[1] “NSO offered ‘bags of cash’ for access to U.S. cell networks, whistleblower claims,” Washington Post. Accessed: Apr. 11, 2023.Online]. - https://www.washingtonpost.com/technology/2022/02/01/nso-pegasus-bags-of-cash-fbi/", "[2] “NSO Group's Recent Difficulties Could Shape the Future of the Spyware Industry,” Infosecurity Magazine, Access: Sep. 11, 2011.online] - https://www.infosecurity-magazine.com/news-features/nso-groups-difficulties-spyware/", + "https://fight.mitre.org/data%20sources/DS0018", "https://fight.mitre.org/mitigations/M1037", - "https://fight.mitre.org/data%20sources/DS0018" + "https://fight.mitre.org/techniques/FGT1583.508" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1583", @@ -11077,14 +11062,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1572.501", "[1] Trend Micro article: “Outside Looking In: How a Packet Reflection Vulnerability Could Allow Attackers to Infiltrate Internal 5G Networks” - https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/plague-private-5g-networks", "[2] A10 Networks article: “GTP FIREWALL IN 4G AND 5G MOBILE NETWORKS STRONG PROTECTION FOR ALL GTP INTERFACES”. - https://www.a10networks.com/wp-content/uploads/A10-SB-19202-EN.pdf", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/FGDS5016", "https://fight.mitre.org/mitigations/FGM5498", "https://fight.mitre.org/mitigations/M1031", "https://fight.mitre.org/mitigations/M1041", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/FGDS5016" + "https://fight.mitre.org/techniques/FGT1572.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1572", @@ -11184,14 +11169,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5031", "[1] TrendMicro publication: “A Deep Dive into the Packet Reflection Vulnerability Allowing Attackers to Plague Private 5G Networks - Security News.” - https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/plague-private-5g-networks", - "https://fight.mitre.org/mitigations/M1031", - "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/FGDS5016", "https://fight.mitre.org/mitigations/FGM5507", "https://fight.mitre.org/mitigations/FGM5508", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/FGDS5016" + "https://fight.mitre.org/mitigations/M1031", + "https://fight.mitre.org/mitigations/M1041", + "https://fight.mitre.org/techniques/FGT5031" ], "status": "This a 5G relevant behavior that has been demonstrated in a successful proof of concept", "typecode": "fight_technique" @@ -11286,14 +11271,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1498.503", "[1] Github post: “[NAS] fix the security issue (ZDI-CAN-14043 ” - https://github.com/open5gs/open5gs/commit/00c96a3f0ffd12c4330bee9a3f9596f8e4b86b6f", "[2] CVE-2021-44081: “A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service.” - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44081", "[3] CVE-2022-43677: “A crafted malformed NGAP message can crash AMF and NGAP decoder”. - https://github.com/free5gc/free5gc/issues/402", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/FGDS5015", "https://fight.mitre.org/mitigations/FGM5511", "https://fight.mitre.org/mitigations/FGM5512", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/FGDS5015" + "https://fight.mitre.org/techniques/FGT1498.503" ], "status": "This a 5G relevant behavior that has been demonstrated in a successful proof of concept", "subtechnique-of": "FGT1498", @@ -11375,9 +11360,9 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1599.505", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5510", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1599.505" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1599", @@ -11462,14 +11447,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.008", "[1] International Conference on Cyber Conflict 2016: “We know where you are\". - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7529440", "[2] Positive Technologies article: “Next Generation Networks, Next Level Cyber Security Problems”. - https://www.ptsecurity.com/upload/iblock/a8e/diameter_research.pdf", "[3] Broadforward’s SS7/MAP Firewall - https://www.broadforward.com/ss7-firewall-ss7fw/", "[4] GSMA IR.88 “EPS Roaming Guidelines”. - https://www.gsma.com/newsroom/wp-content/uploads/IR.88-v22.0.pdf", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5004", "https://fight.mitre.org/mitigations/FGM5513", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5012.008" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5012", @@ -11558,14 +11543,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5019.005", "[1] International Conference on Cyber Conflict 2016: “We know where you are\". - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7529440", "[2] Positive Technologies article: “Next Generation Networks, Next Level Cyber Security Problems” - https://www.ptsecurity.com/upload/iblock/a8e/diameter_research.pdf", "[3] Broadforward’s SS7/MAP Firewall - https://www.broadforward.com/ss7-firewall-ss7fw/", "[4] GSMA IR.88 “EPS Roaming Guidelines”. - https://www.gsma.com/newsroom/wp-content/uploads/IR.88-v22.0.pdf", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5004", "https://fight.mitre.org/mitigations/FGM5513", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT5019.005" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5019", @@ -11722,22 +11707,22 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5034", "[1] O-RAN Security Threat Model 6.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[2] O-RAN WG3 Near-RT RIC Architecture 4.00 version - https://orandownloadsweb.azurewebsites.net/specifications", "[3] Ericsson white paper: “Security considerations of Open RAN”. - https://www.ericsson.com/en/security/security-considerations-of-open-ran", - "https://fight.mitre.org/mitigations/FGM5091", - "https://fight.mitre.org/mitigations/M1030", - "https://fight.mitre.org/mitigations/M1033", - "https://fight.mitre.org/mitigations/M1043", - "https://fight.mitre.org/mitigations/M1045", - "https://fight.mitre.org/mitigations/FGM5516", "https://fight.mitre.org/data%20sources/DS0006", "https://fight.mitre.org/data%20sources/DS0010", "https://fight.mitre.org/data%20sources/DS0025", "https://fight.mitre.org/data%20sources/DS0037", "https://fight.mitre.org/data%20sources/FGDS5015", - "https://fight.mitre.org/data%20sources/FGDS5021" + "https://fight.mitre.org/data%20sources/FGDS5021", + "https://fight.mitre.org/mitigations/FGM5091", + "https://fight.mitre.org/mitigations/FGM5516", + "https://fight.mitre.org/mitigations/M1030", + "https://fight.mitre.org/mitigations/M1033", + "https://fight.mitre.org/mitigations/M1043", + "https://fight.mitre.org/mitigations/M1045", + "https://fight.mitre.org/techniques/FGT5034" ], "status": "This is a theoretical behavior", "typecode": "fight_technique" @@ -11850,11 +11835,11 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5024", "[1] 5G Americas White Paper: “Innovations in 5G Backhaul Technologies; IAB, HFC & FIBER”, June 2020. - https://www.5gamericas.org/wp-content/uploads/2020/06/Innovations-in-5G-Backhaul-Technologies-WP-PDF.pdf", "[2] 3GPP TS 38.401: “NG-RAN; Architecture description”. - https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3219", + "https://fight.mitre.org/data%20sources/FGDS5020", "https://fight.mitre.org/mitigations/FGM5515", - "https://fight.mitre.org/data%20sources/FGDS5020" + "https://fight.mitre.org/techniques/FGT5024" ], "status": "This is a theoretical behavior", "typecode": "fight_technique" @@ -11898,14 +11883,14 @@ "object-type": "technique", "platforms": "RAN, RAN", "refs": [ - "https://fight.mitre.org/techniques/FGT1587", "[1] Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. “IMSI-catch me if you can: IMSI-catcher-catchers”. In Proceedings of the 30th annual computer security applications Conference, pages 246–255, 2014. - https://its-wiki.no/images/f/fb/Dabrowski_ISMI_Catch_me_Catchers.pdf", + "[1] Information Security Newspaper, “How to hack and track anybody’s phone location via silent SMS messages”. - https://www.securitynewspaper.com/2023/06/20/how-to-hack-track-anybodys-phone-location-via-silent-sms-messages/", "[2] Ravishankar Borgaonkar, Altaf Shaik, “5G IMSI Catchers Mirage”, Blackhat USA Conference 2021. - https://blackhat.com/us-21/briefings/schedule/#g-imsi-catchers-mirage-23538", + "[2] Silent-sms-ping github repository - https://github.com/MatejKovacic/silent-sms-ping", "[3] “HOW COPS CAN SECRETLY TRACK YOUR PHONE”, The Intercept online article, July 31, 2021. Accessed 6/22/2022. - https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/", "[4] A Knight, Brier & Thorn, “Hacking GSM: Building a Rogue Base Station to Hack Cellular Devices”, Online Article. Accessed 6/22/2022. - https://www.brierandthorn.com/post/hacking-gsm-building-a-rogue-base-station-to-hack-cellular-devices", - "[1] Information Security Newspaper, “How to hack and track anybody’s phone location via silent SMS messages”. - https://www.securitynewspaper.com/2023/06/20/how-to-hack-track-anybodys-phone-location-via-silent-sms-messages/", - "[2] Silent-sms-ping github repository - https://github.com/MatejKovacic/silent-sms-ping", - "https://fight.mitre.org/mitigations/M1056" + "https://fight.mitre.org/mitigations/M1056", + "https://fight.mitre.org/techniques/FGT1587" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -11937,8 +11922,8 @@ "object-type": "technique", "platforms": "5G Core", "refs": [ - "https://fight.mitre.org/techniques/FGT1608", - "[1] M.Grassi & X. Chen, “Over The Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones,” retrieved May 16, 2023 - https://dl.acm.org/doi/abs/10.1145/3395351.3399360" + "[1] M.Grassi & X. Chen, “Over The Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones,” retrieved May 16, 2023 - https://dl.acm.org/doi/abs/10.1145/3395351.3399360", + "https://fight.mitre.org/techniques/FGT1608" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -11974,8 +11959,8 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1608.502", - "[1] M.Grassi & X. Chen, “Over The Air Baseband Exploit: Gaining Remote\nCode Execution on 5G Smartphones,” retrieved May 16, 2023 - https://dl.acm.org/doi/abs/10.1145/3395351.3399360" + "[1] M.Grassi & X. Chen, “Over The Air Baseband Exploit: Gaining Remote\nCode Execution on 5G Smartphones,” retrieved May 16, 2023 - https://dl.acm.org/doi/abs/10.1145/3395351.3399360", + "https://fight.mitre.org/techniques/FGT1608.502" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1608", @@ -12046,12 +12031,12 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5019.006", "[1] S.R. Hussain et.al., “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information” - https://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf", "[2] H. Wen et al., “Thwarting Smartphone SMS Attacks at the\nRadio Interface Layer”. Retrieved Sept 14, 2023. - https://www.ndss-symposium.org/ndss-paper/thwarting-smartphone-sms-attacks-at-the-radio-interface-layer/", + "https://fight.mitre.org/data%20sources/FGDS5102", "https://fight.mitre.org/mitigations/FGM5004", "https://fight.mitre.org/mitigations/FGM5102", - "https://fight.mitre.org/data%20sources/FGDS5102" + "https://fight.mitre.org/techniques/FGT5019.006" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5019", @@ -12152,15 +12137,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT5012.007", "[1] Chuan Yu et al, “Improving 4G/5G air interface security: A survey of existing attacks on different LTE layers”, ACM digital library - https://dl.acm.org/doi/abs/10.1016/j.comnet.2021.108532", "[2] 3GPP TR 33.809 “Study on 5G security enhancements against False Base Stations (FBS ”, Technical Report, v0.18.0, February 2022. - https://www.3gpp.org/DynaReport/33809.htm", "[3] S.R. Hussain et.al., “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information”. Retrieved Sept 11, 2023 - https://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf", "[4] H. Wen et al., “Thwarting Smartphone SMS Attacks at the\nRadio Interface Layer”. Retrieved Sept 14, 2023. - https://www.ndss-symposium.org/ndss-paper/thwarting-smartphone-sms-attacks-at-the-radio-interface-layer/", + "https://fight.mitre.org/data%20sources/FGDS5002", + "https://fight.mitre.org/data%20sources/FGDS5102", "https://fight.mitre.org/mitigations/FGM5004", "https://fight.mitre.org/mitigations/FGM5102", - "https://fight.mitre.org/data%20sources/FGDS5002", - "https://fight.mitre.org/data%20sources/FGDS5102" + "https://fight.mitre.org/techniques/FGT5012.007" ], "status": "Observed in earlier 3GPP generations and expected in 5G.", "subtechnique-of": "FGT5012", @@ -12253,17 +12238,17 @@ "object-type": "technique", "platforms": "ORAN, OA&M", "refs": [ - "https://fight.mitre.org/techniques/FGT5037", "[1] O-RAN Security Threat Modeling and Remediation Analysis 6.0 \nO-RAN.WG11.Threat-Model.O-R003-v06.00, T-ML-02 - https://orandownloadsweb.azurewebsites.net/specifications", "[2] Adversarial Machine Learning: Well-known techniques - https://viso.ai/deep-learning/adversarial-machine-learning/", "[3] OWASP Machine Learning Security Top Ten - https://owasp.org/www-project-machine-learning-security-top-10/docs/ML03_2023-Model_Inversion_Attack.html", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0028", + "https://fight.mitre.org/mitigations/M1009", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/mitigations/M1009", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0028" + "https://fight.mitre.org/techniques/FGT5037" ], "status": "This is a theoretical behavior", "typecode": "fight_technique" @@ -12363,17 +12348,17 @@ "object-type": "technique", "platforms": "ORAN, OA&M", "refs": [ - "https://fight.mitre.org/techniques/FGT5036", "[1] O-RAN Security Threat Modeling and Remediation Analysis 6.0,  \nO-RAN.WG11.Threat-Model.O-R003-v06.00, T-ML-02 - https://orandownloadsweb.azurewebsites.net/specifications", "[2] Adversarial Machine Learning: Well-known techniques - https://viso.ai/deep-learning/adversarial-machine-learning/", "[3] OWASP Machine Learning Security Top Ten - https://owasp.org/www-project-machine-learning-security-top-10/docs/ML03_2023-Model_Inversion_Attack.html", + "https://fight.mitre.org/data%20sources/DS0015", + "https://fight.mitre.org/data%20sources/DS0028", + "https://fight.mitre.org/mitigations/M1009", "https://fight.mitre.org/mitigations/M1018", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1041", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/mitigations/M1009", - "https://fight.mitre.org/data%20sources/DS0015", - "https://fight.mitre.org/data%20sources/DS0028" + "https://fight.mitre.org/techniques/FGT5036" ], "status": "This is a theoretical behavior", "typecode": "fight_technique" @@ -12479,15 +12464,15 @@ "object-type": "technique", "platforms": "Infrastructure, 5G, CI/CD, OA&M Tools, VNFs", "refs": [ - "https://fight.mitre.org/techniques/FGT1195.002", "[1] ETSI NFV SEC001, “Network Functions Virtualization (NFV ; NFV Security; Problem Statement”, Jan. 2014, section 6.9 - https://www.etsi.org/deliver/etsi_gs/nfv-sec/001_099/001/01.01.01_60/gs_nfv-sec001v010101p.pdf", "[2] The Untold Story of the Boldest Supply-Chain Hack Ever - https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/", + "https://fight.mitre.org/data%20sources/DS0022", + "https://fight.mitre.org/mitigations/FGM5517", + "https://fight.mitre.org/mitigations/M0817", "https://fight.mitre.org/mitigations/M1016", "https://fight.mitre.org/mitigations/M1045", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/mitigations/FGM5517", - "https://fight.mitre.org/mitigations/M0817", - "https://fight.mitre.org/data%20sources/DS0022" + "https://fight.mitre.org/techniques/FGT1195.002" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1195", @@ -12590,14 +12575,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1195.003", "[1] ETSI NFV SEC001, “Network Functions Virtualization (NFV ; NFV Security; Problem Statement”, Jan. 2014, section 6.9 - https://www.etsi.org/deliver/etsi_gs/nfv-sec/001_099/001/01.01.01_60/gs_nfv-sec001v010101p.pdf", "[2] The Untold Story of the Boldest Supply-Chain Hack Ever - https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/", "[3] Trusted Platform Module (TPM Summary - https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf", + "https://fight.mitre.org/data%20sources/DS0013", + "https://fight.mitre.org/data%20sources/DS0022", "https://fight.mitre.org/mitigations/M1016", "https://fight.mitre.org/mitigations/M1051", - "https://fight.mitre.org/data%20sources/DS0013", - "https://fight.mitre.org/data%20sources/DS0022" + "https://fight.mitre.org/techniques/FGT1195.003" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1195", @@ -12693,14 +12678,14 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1200", "[1] O-RAN WG11 Threat Model 6.00 version, “ORAN Threat Model” - https://orandownloadsweb.azurewebsites.net/specifications", "[2] NTIA Open RAN Security Report May 2023 - https://ntia.gov/sites/default/files/publications/open_ran_security_report_full_report_0.pdf", + "https://fight.mitre.org/data%20sources/DS0029", + "https://fight.mitre.org/data%20sources/DS0039", "https://fight.mitre.org/mitigations/M1026", "https://fight.mitre.org/mitigations/M1030", "https://fight.mitre.org/mitigations/M1047", - "https://fight.mitre.org/data%20sources/DS0029", - "https://fight.mitre.org/data%20sources/DS0039" + "https://fight.mitre.org/techniques/FGT1200" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "typecode": "attack_technique_addendum" @@ -12770,10 +12755,10 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1588.002", "[1] Open Source tools - https://github.com/ravens/awesome-telco", "[2] Building a Cellphone IMSI Catcher (Stingray - https://www.hackers-arise.com/post/software-defined-radio-part-6-building-a-imsi-catcher-stingray", - "https://fight.mitre.org/mitigations/M1056" + "https://fight.mitre.org/mitigations/M1056", + "https://fight.mitre.org/techniques/FGT1588.002" ], "status": "This is an observed behavior in Enterprise networks, and is theoretical in context of 5G systems.", "subtechnique-of": "FGT1588", @@ -12833,7 +12818,6 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1588.501", "[1] Open Source RAN project - https://www.srslte.com", "[2] Over The Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones - https://keenlab.tencent.com/zh/whitepapers/us-21-Over-The-Air-Baseband-Exploit-Gaining-Remote-Code-Execution-on-5G-Smartphones-wp.pdf", "[3] Open5GS - https://open5gs.org", @@ -12841,7 +12825,8 @@ "[5] Open Source tools - https://github.com/ravens/awesome-telco", "[6] Building a Cellphone IMSI Catcher (Stingray - https://www.hackers-arise.com/post/software-defined-radio-part-6-building-a-imsi-catcher-stingray", "[7] 5G NR equipment suppliers - https://www.rfwireless-world.com/Vendors/5G-NR-Network-Equipment-Manufacturers.html", - "https://fight.mitre.org/mitigations/M1056" + "https://fight.mitre.org/mitigations/M1056", + "https://fight.mitre.org/techniques/FGT1588.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1588", @@ -12915,13 +12900,13 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1642.501", "[1] ACM article, : “Improving 4G/5G air interface security: A survey of existing attacks on different LTE layers”. - https://dl.acm.org/doi/abs/10.1016/j.comnet.2021.108532", "[2] 3GPP TS 38.331: “Radio Resource Control (RRC ; Protocol specification” Release 16. - https://www.3gpp.org/DynaReport/38331.htm", "[3] 3GPP TR 33.809: - https://www.3gpp.org/DynaReport/33809.htm", "[4] Ericsson paper, Jingya Li et al: “An Overview of 5G System Accessibility Differentiation and Control”. - https://arxiv.org/ftp/arxiv/papers/2012/2012.05520.pdf", + "https://fight.mitre.org/data%20sources/FGDS5002", "https://fight.mitre.org/mitigations/FGM5024", - "https://fight.mitre.org/data%20sources/FGDS5002" + "https://fight.mitre.org/techniques/FGT1642.501" ], "status": "This is a theoretical behavior", "subtechnique-of": "FGT1642", @@ -13015,15 +13000,15 @@ } ], "refs": [ - "https://fight.mitre.org/techniques/FGT1048.501", "[1] “Bhadhra Framework”: S.P. Rao, S. Holtmanns, T. Aura, “Threat modeling framework for mobile communication systems” - https://arxiv.org/pdf/2005.05110.pdf", "[2] Peng, C., Li, C., Tu, G., Lu, S., & Zhang, L. (2012 . Mobile data charging: new attacks and countermeasures. Proceedings of the 2012 ACM conference on Computer and communications security. - https://dl.acm.org/doi/pdf/10.1145/2382196.2382220", "[3] Merve Sahin, Aurelien Francillon, Payas Gupta, and Mustaque Ahamad. 2017. \n“Sok: Fraud in telephony networks”. In 2017 IEEE European Symposium on Security\nand Privacy (EuroS&P . IEEE, p235–250 - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7961983&tag=1", "[4] Kui Xu, Patrick Butler, Sudip Saha, Danfeng (Daphni Yao in DNS CC Journal, “DNS for Massive-Scale Command and Control” - https://people.cs.vt.edu/~danfeng/papers/DNS-CC-JOURNAL.pdf", + "https://fight.mitre.org/data%20sources/DS0017", + "https://fight.mitre.org/data%20sources/DS0029", "https://fight.mitre.org/mitigations/FGM5024", "https://fight.mitre.org/mitigations/M1031", - "https://fight.mitre.org/data%20sources/DS0017", - "https://fight.mitre.org/data%20sources/DS0029" + "https://fight.mitre.org/techniques/FGT1048.501" ], "status": "This is a theoretical behavior in context of 5G systems.", "subtechnique-of": "FGT1048", diff --git a/tools/gen_mitre_fight.py b/tools/gen_mitre_fight.py index 93a0562..3f59495 100755 --- a/tools/gen_mitre_fight.py +++ b/tools/gen_mitre_fight.py @@ -120,6 +120,9 @@ for item in fight['techniques']: except KeyError: pass + element['meta']['refs'] = list(set(element['meta']['refs'])) + element['meta']['refs'].sort() + techniques.append(element)