MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: [fight] fix duplicates

Browse source
This commit is contained in:
Christophe Vandeplas 2024-06-18 16:06:33 +02:00
parent fcc88613e4
commit 6341ffce68
No known key found for this signature in database
GPG key ID: BDC48619FFDC5A5B
1 changed files with 0 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
clusters/mitre-fight-techniques.json
View file

@ -6456,90 +6456,6 @@
"uuid": "0551e810-74ac-5a51-82c1-abaebeb3dfd4", "uuid": "0551e810-74ac-5a51-82c1-abaebeb3dfd4",
"value": "Self Location Measurement" "value": "Self Location Measurement"
}, },
{
"description": "An adversary may position itself on the radio interface, to support follow-on behaviors such as [Network Sniffing](/techniques/FGT1040) or [Transmitted Data Manipulation](/techniques/FGT1565.002).\r\n\r\nAdversary can deploy a fake gNB, eNB (a 4G base station) or WiFi access point, or a back-to-back fake gNB-UE combination to act as an adversary-in-the-middle, in order to intercept, inject and possibly modify communication and relay communication to and from intended recipient over the radio interface. \r\n\r\nThis attack assumes the following to have taken place: the UE has been bid-down (see [Bid down UE](/techniques/FGT1562.501)) to a less secure Radio Access Network such as 4G, or the UE connects to an eNB because the network is 5G Non-Standalone, or due to EPS fallback, or the UE connects to a WiFi access point (to access 5G services).",
"meta": {
"architecture-segment": "RAN",
"bluf": "An adversary may position itself on the radio interface, to support follow-on behaviors such as [Network Sniffing](/techniques/FGT1040) or [Transmitted Data Manipulation](/techniques/FGT1565.002).",
"criticalassets": [
{
"Description": "All signaling transmitted to and from subscriber can be modified or intercepted in the clear",
"Name": "Subscriber signaling"
},
{
"Description": "UE/subscriber geographical location can be intercepted.",
"Name": "UE location"
},
{
"Description": "All data and voice transmitted to and from subscriber can be modified or intercepted in the clear",
"Name": "Subscriber traffic"
}
],
"detections": [
{
"detects": "UE measurements of received power levels from all base stations nearby, and their identifiers Reference clause 6.24 of [3]",
"fgdsid": "FGDS5002",
"name": "UE signal measurements"
}
],
"external_id": "FGT1557.501",
"kill_chain": [
"fight:Collection",
"fight:Credential-Access"
],
"mitigations": [],
"object-type": "technique",
"platforms": "5G",
"postconditions": [
{
"Description": "Transient technique; works only as long as adversary-in-the-middle is able to retain connection.",
"Name": "Temporary loss of subscriber data confidentiality or integrity."
}
],
"preconditions": [
{
"Description": "Subscriber security profile must allow bidding down to less secure service OR system must employ null integrity or encryption.",
"Name": "Permissive subscriber security profile OR system employs null integrity or encryption."
}
],
"procedureexamples": [
{
"Description": "The adversary employs a back to back gNB-UE combination. When UE security profile allows bidding down, or the UE connects to 4G due to EPS fallback, or to WiFi, an adversary acts as an adversary-in-the-middle to intercept and possibly modify communication to and from intended recipient.",
"Name": "Adversary-in-the-Middle on air interface for a given UE"
},
{
"Description": "Alternatively, if the 5G system employs null integrity or encryption, subscriber data traffic can be eavesdropped or modified in transit over the air interface",
"Name": "Adversary-in-the-Middle on air interface for any UE"
},
{
"Description": "Adversary uses a fake base station to broadcast spoofed configuration messages to UEs nearby. Reference [3] (appendix B) contains a taxonomy of attacks against 5G UEs, passive and active. One concerns message attacks (fake MIB/SIB Master Information Block/System Information Block)",
"Name": "Spoofed configuration messages from fake base station"
}
],
"refs": [
"[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, section 4.4, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks",
"[2] Hu, X. et al: “A Systematic Analysis Method for 5G Non-Access Stratum Signalling Security”, August 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957",
"[3] 3rd Generation Partnership Project (3GPP TR 33.809: “Study on 5G security enhancements against False Base Stations (FBS ”, Technical Report, v0.18.0, February 2022. - https://www.3gpp.org/DynaReport/33809.htm",
"https://fight.mitre.org/data%20sources/FGDS5002",
"https://fight.mitre.org/techniques/FGT1557.501"
],
"status": "Observed in earlier 3GPP generations and expected in 5G.",
"subtechnique-of": "FGT1557",
"typecode": "fight_subtechnique_to_attack_technique"
},
"related": [
{
"dest-uuid": "fa9ee8fb-7f25-554c-9682-0e50e774812d",
"type": "detected-by"
},
{
"dest-uuid": "5ecccab0-9d6d-504c-92c4-408091a3c114",
"type": "subtechnique-of"
}
],
"uuid": "125336d2-ca71-57b5-a46e-faca5013c555",
"value": "Radio interface"
},
{ {
"description": "A malicious app consumes subscriber data allocation to deny or degrade service to that UE. \r\n\r\nA malicious application might consume a UE's limited data plan, denying or throttling service.", "description": "A malicious app consumes subscriber data allocation to deny or degrade service to that UE. \r\n\r\nA malicious application might consume a UE's limited data plan, denying or throttling service.",
"meta": { "meta": {