From 2f5156b5e8c087a039b991bfd00dd72b3fc0144a Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Tue, 11 Jun 2024 15:44:02 +0200 Subject: [PATCH] fix: [GSMA MoTIF] fix empty values --- clusters/gsma-motif.json | 63 ++++++++++++++-------------------------- tools/gen_gsma_motif.py | 10 +++---- 2 files changed, 26 insertions(+), 47 deletions(-) diff --git a/clusters/gsma-motif.json b/clusters/gsma-motif.json index bdaeed0..9b29e5a 100644 --- a/clusters/gsma-motif.json +++ b/clusters/gsma-motif.json @@ -18,8 +18,7 @@ ], "refs": [ "page 14 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Borgaonkar, R. & Shaik, A. (2015). LTE and IMSI Catcher Myths. Black Hat USA 2015 (2) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks. (3) Kumar, P. et.al. (2021). Murat: Multi-RAT False Base Station Detector (Section IIB) (4) Rupprecht, D. et.al. (2018). On Security Research Towards Future Mobile Network Generations. (Section III D)", - "" + "(1) Borgaonkar, R. & Shaik, A. (2015). LTE and IMSI Catcher Myths. Black Hat USA 2015 (2) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks. (3) Kumar, P. et.al. (2021). Murat: Multi-RAT False Base Station Detector (Section IIB) (4) Rupprecht, D. et.al. (2018). On Security Research Towards Future Mobile Network Generations. (Section III D)" ] }, "uuid": "ef315196-4c0f-50d5-85b7-eb5fe3757ba3", 
@@ -34,8 +33,7 @@ ], "refs": [ "page 15 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Li, Z. et al. (2017). FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild. (2) Borgaonkar, R. & Shaik, A. (2015). LTE and IMSI Catcher Myths. Black Hat USA 2015 (3) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks. (4) Quintin, C. (2020). Detecting Fake 4G Base Stations in Real Time. Black Hat USA 2020.", - "" + "(1) Li, Z. et al. (2017). FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild. (2) Borgaonkar, R. & Shaik, A. (2015). LTE and IMSI Catcher Myths. Black Hat USA 2015 (3) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks. (4) Quintin, C. (2020). Detecting Fake 4G Base Stations in Real Time. Black Hat USA 2020." ] }, "uuid": "7dcf1eaa-a0c6-51c8-8e5f-dfd2e033cd50", @@ -130,8 +128,7 @@ ], "refs": [ "page 20 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) The Intercept. (2014). Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide. (2) https://www.wikileaks.org/hackingteam/emails/emailid/72166", - "" + "(1) The Intercept. (2014). Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide. (2) https://www.wikileaks.org/hackingteam/emails/emailid/72166" ] }, "uuid": "82018f31-afeb-5452-918e-f47e1379d717", 
@@ -162,8 +159,7 @@ ], "refs": [ "page 21 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) TBIJ. (2020) Spy companies using Channel Islands to track phones around the world. (2) CitizenLab. (2020). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. (3) TBIJ. (2021). Swiss tech company boss accused of selling mobile network access for spying. (4) Enea (2021) 5G Network Slicing Security in 5G Core Networks (5) Mobileum (2023) OAuth2.0 Security and Protocol Exploit Analysis in 5G Ecosystem", - "" + "(1) TBIJ. (2020) Spy companies using Channel Islands to track phones around the world. (2) CitizenLab. (2020). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. (3) TBIJ. (2021). Swiss tech company boss accused of selling mobile network access for spying. (4) Enea (2021) 5G Network Slicing Security in 5G Core Networks (5) Mobileum (2023) OAuth2.0 Security and Protocol Exploit Analysis in 5G Ecosystem" ] }, "uuid": "a7a503d3-cfcb-52f0-b76b-ce5d1604efb6", @@ -178,8 +174,7 @@ ], "refs": [ "page 22 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) DePerry, D. & Ritter T. (2013). I Can Hear You Now - Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell. Black Hat USA2013 (2) Wired (2016). Here's How Much a StingRay Cell Phone Surveillance Tool Costs (3) Alibaba.com. Wholesale imsi catcher 4g For Online Communication", - "" + "(1) DePerry, D. & Ritter T. (2013). I Can Hear You Now - Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell. Black Hat USA2013 (2) Wired (2016). Here's How Much a StingRay Cell Phone Surveillance Tool Costs (3) Alibaba.com. Wholesale imsi catcher 4g For Online Communication" ] }, "uuid": "f165ba28-bf24-5151-ac17-ae9ffa96f124", 
@@ -226,8 +221,7 @@ ], "refs": [ "page 24 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security. (2021). All authentication vectors are not made equal.", - "" + "(1) P1 Security. (2021). All authentication vectors are not made equal." ] }, "uuid": "48318fd2-a653-581e-8c13-7f3846dfbb8f", @@ -242,8 +236,7 @@ ], "refs": [ "page 25 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Enea. (2022). HiddenArt - A Russian-linked SS7 Threat Actor (2) P1 Security. (2021). All authentication vectors are not made equal.", - "" + "(1) Enea. (2022). HiddenArt - A Russian-linked SS7 Threat Actor (2) P1 Security. (2021). All authentication vectors are not made equal." ] }, "uuid": "b4dfe23b-1e4e-5979-b4e4-9b3dcecfddb2", @@ -258,8 +251,7 @@ ], "refs": [ "page 25 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security. (2014). SS7map: mapping vulnerability of the international mobile roaming infrastructure", - "" + "(1) P1 Security. (2014). SS7map: mapping vulnerability of the international mobile roaming infrastructure" ] }, "uuid": "43af1748-6207-54d4-a402-a4371fcdd5cd", @@ -274,8 +266,7 @@ ], "refs": [ "page 26 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security. (2021). All authentication vectors are not made equal.", - "" + "(1) P1 Security. (2021). All authentication vectors are not made equal." ] }, "uuid": "acd147cf-5a45-5bbf-b74d-7a59175b4c64", 
@@ -290,8 +281,7 @@ ], "refs": [ "page 27 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) The Washington Post. (2014). For sale: Systems that can secretly track where cellphone users go around the globe. (2) Lighthouse Reports. (2022). Revealing Europe's NSO. (3) Mc Daid, C. (2020) Watching the Watchers - How Surveillance Companies track you using Mobile Networks. #rC3 2020.", - "" + "(1) The Washington Post. (2014). For sale: Systems that can secretly track where cellphone users go around the globe. (2) Lighthouse Reports. (2022). Revealing Europe's NSO. (3) Mc Daid, C. (2020) Watching the Watchers - How Surveillance Companies track you using Mobile Networks. #rC3 2020." ] }, "uuid": "139f89a6-7727-5e80-a3a5-c33ba1e66775", @@ -306,8 +296,7 @@ ], "refs": [ "page 27 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security. (2021). All authentication vectors are not made equal. (2) Mc Daid, C. (2020) Watching the Watchers - How Surveillance Companies track you using Mobile Networks. #rC3 2020.", - "" + "(1) P1 Security. (2021). All authentication vectors are not made equal. (2) Mc Daid, C. (2020) Watching the Watchers - How Surveillance Companies track you using Mobile Networks. #rC3 2020." ] }, "uuid": "0bae4fc7-da2e-5b93-91aa-9a3a975db351", @@ -322,8 +311,7 @@ ], "refs": [ "page 28 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Mc Daid, C. (2020) Watching the Watchers - How Surveillance Companies track you using Mobile Networks. #rC3 2020..", - "" + "(1) Mc Daid, C. (2020) Watching the Watchers - How Surveillance Companies track you using Mobile Networks. #rC3 2020.." ] }, "uuid": "2c5d4f4f-7bf8-5b99-b9d9-4b3509ed468f", 
@@ -354,8 +342,7 @@ ], "refs": [ "page 29 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security (2021). All authentication vectors are not made equal. (2) The Washington Post. (2014). For sale: Systems that can secretly track where cellphone users go around the globe. (3) Lighthouse Reports. (2022). Revealing Europe's NSO (4) Enea. (2022). HiddenArt - A Russian-linked SS7 Threat Actor", - "" + "(1) P1 Security (2021). All authentication vectors are not made equal. (2) The Washington Post. (2014). For sale: Systems that can secretly track where cellphone users go around the globe. (3) Lighthouse Reports. (2022). Revealing Europe's NSO (4) Enea. (2022). HiddenArt - A Russian-linked SS7 Threat Actor" ] }, "uuid": "cb5103d5-5852-5184-8dbf-3f40f5ec0b9f", @@ -387,8 +374,7 @@ ], "refs": [ "page 31 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks", - "" + "(1) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks" ] }, "uuid": "fc78b217-a914-52fe-a139-3bcdc9a07f5c", @@ -404,8 +390,7 @@ ], "refs": [ "page 32 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) CableLabs: (2019). False Base Station or IMSI Catcher: What You Need to Know. (2) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks", - "" + "(1) CableLabs: (2019). False Base Station or IMSI Catcher: What You Need to Know. (2) Electronic Frontier Foundation. (2019). Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks" ] }, "uuid": "fd65d912-3ab1-5543-b488-9d328d56c2e5", 
@@ -420,8 +405,7 @@ ], "refs": [ "page 32 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Aftenposten (2015). New report: Clear signs of mobile surveillance in Oslo, despite denial from Police Security Service. (2) CableLabs: (2019). False Base Station or IMSI Catcher: What You Need to Know. (3) Quintin, C. (2020). Detecting Fake 4G Base Stations in Real Time. Black Hat USA 2020.", - "" + "(1) Aftenposten (2015). New report: Clear signs of mobile surveillance in Oslo, despite denial from Police Security Service. (2) CableLabs: (2019). False Base Station or IMSI Catcher: What You Need to Know. (3) Quintin, C. (2020). Detecting Fake 4G Base Stations in Real Time. Black Hat USA 2020." ] }, "uuid": "ce4ae0c9-9d83-5285-8b3f-40475aff0d19", @@ -519,8 +503,7 @@ ], "refs": [ "page 37 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security. (2021). All authentication vectors are not made equal. (2) Aftenposten (2015). New report: Clear signs of mobile surveillance in Oslo, despite denial from Police Security Service. (3) Enea. (2022). HiddenArt - A Russian-linked SS7 Threat Actor", - "" + "(1) P1 Security. (2021). All authentication vectors are not made equal. (2) Aftenposten (2015). New report: Clear signs of mobile surveillance in Oslo, despite denial from Police Security Service. (3) Enea. (2022). HiddenArt - A Russian-linked SS7 Threat Actor" ] }, "uuid": "87cce0fb-1e5a-5b8b-aae5-58fcd4b3186a", 
@@ -535,8 +518,7 @@ ], "refs": [ "page 37 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Symsoft & P1 Security. (2018). SS7 and Diameter: Exploit Delivery over signalling protocols. (2) Mc Daid, C. (2019). Simjacker – the next frontier in mobile espionage. VB2019", - "" + "(1) Symsoft & P1 Security. (2018). SS7 and Diameter: Exploit Delivery over signalling protocols. (2) Mc Daid, C. (2019). Simjacker – the next frontier in mobile espionage. VB2019" ] }, "uuid": "7258f576-72e9-5f27-ad69-f84e24a0eb18", @@ -551,8 +533,7 @@ ], "refs": [ "page 38 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) Puzankov, K. (2019) Hidden Agendas: bypassing GSMA recommendations on SS7 networks. HITB AMS SecConf May 2019", - "" + "(1) Puzankov, K. (2019) Hidden Agendas: bypassing GSMA recommendations on SS7 networks. HITB AMS SecConf May 2019" ] }, "uuid": "d6e3a64e-518d-59df-89d1-522ebc81c49d", @@ -568,8 +549,7 @@ ], "refs": [ "page 38 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security. (2021). All authentication vectors are not made equal. (2) Mc Daid, C. (2019). Simjacker – the next frontier in mobile espionage. VB2019", - "" + "(1) P1 Security. (2021). All authentication vectors are not made equal. (2) Mc Daid, C. (2019). Simjacker – the next frontier in mobile espionage. VB2019" ] }, "uuid": "c1a47611-44fc-5e82-a05e-4958366ba9e3", @@ -585,8 +565,7 @@ ], "refs": [ "page 39 of https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/04/FS.57-MoTIF-Principles-v1.0.pdf", - "(1) P1 Security. (2021). All authentication vectors are not made equal.", - "" + "(1) P1 Security. (2021). All authentication vectors are not made equal." ] }, "uuid": "8161ff0c-485f-5941-854f-e0bd1d1f9b99", 
diff --git a/tools/gen_gsma_motif.py b/tools/gen_gsma_motif.py index 550dd46..f3df56b 100644 --- a/tools/gen_gsma_motif.py +++ b/tools/gen_gsma_motif.py @@ -199,8 +199,6 @@ with tempfile.TemporaryFile() as tmp_f: tmp_f.write(r.content) print("Parsing PDF ... this takes time") items = parse_pdf(tmp_f) - with open('items.json', 'w') as f: - json.dump(items, f, indent=2, ensure_ascii=False) print("Converting to MISP Galaxy ...") # now convert and extract data to have something clean and usable @@ -233,13 +231,15 @@ for item in items.values(): 'meta': { 'kill_chain': kill_chain, 'refs': [ - f"page {item['page']} of {pdf_url}", - item['References'], - item['Analogous technique in other frameworks'] + f"page {item['page']} of {pdf_url}" ], 'external_id': item['ID'], } } + if item['References']: + technique['meta']['refs'].append(item['References']) + if item['Analogous technique in other frameworks']: + technique['meta']['refs'].append(item['Analogous technique in other frameworks']) techniques.append(technique) # TODO relations + refs as subtechniques
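Review bot: The two new `if item[...]:` guards in the second hunk of tools/gen_gsma_motif.py only skip values that are exactly empty, so a field that comes back from the PDF parse as whitespace-only would still be appended to `refs`. parse_pdf is not visible here, so whether it can return such values is an assumption to confirm. Both guards are the same statement with a different key, so a single loop over the two keys that strips the value before testing it removes the duplication and covers that case. Since the text is extracted from a downloaded PDF and written into the generated MISP Galaxy cluster, normalising it here is simpler than correcting the JSON afterwards. The `for item in items.values():` loop and the `technique` dict both begin outside the hunk.

```python
for item in items.values():
    # … unchanged: technique dict built with the "page N of <pdf_url>" ref …
    for key in ('References', 'Analogous technique in other frameworks'):
        value = (item.get(key) or '').strip()
        if value:
            technique['meta']['refs'].append(value)
    techniques.append(technique)
```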