{ "authors": [ "Bernardo Santos, OsloMet (Norway)", "Prof. Dr. Thanh van Do, Telenor Research (Norway)", "Luis Barriga, Ericsson AB (Sweden)", "Prof. Boning Feng, OsloMet (Norway)", "Van Thuan Do, Wolffia AS (Norway)", "Bruno Dzogovic, OsloMet (Norway)", "Niels Jacot, Wolffia AS (Norway)" ], "category": "cmtmf-attack-pattern", "description": "A list of Techniques in CONCORDIA Mobile Modelling Framework.", "name": "CONCORDIA Mobile Modelling Framework - Attack Pattern", "source": "https://5g4iot.vlab.cs.hioa.no/", "type": "cmtmf-attack-pattern", "uuid": "53e344f4-fa6c-4d42-9c65-1ffe1e093120", "values": [ { "description": "TBD", "meta": { "external_id": "T0001", "kill_chain": [ "cmtmf-attack:reconnaissance" ] }, "uuid": "92ac46f5-4356-427a-8863-2de3f974713f", "value": "Active Scanning" }, { "description": "TBD", "meta": { "external_id": "T0002", "kill_chain": [ "cmtmf-attack:reconnaissance" ] }, "uuid": "dd601586-1102-4084-80ad-a6776d8e46b0", "value": "Gather UE Identity Information" }, { "description": "TBD", "meta": { "external_id": "T0003", "kill_chain": [ "cmtmf-attack:reconnaissance" ] }, "uuid": "f43b9606-aa17-4c51-a26c-6bdba0440e4a", "value": "Gather UE Network Information" }, { "description": "TBD", "meta": { "external_id": "T0004", "kill_chain": [ "cmtmf-attack:reconnaissance" ] }, "uuid": "668a9ba5-9bd2-4e51-ad7d-0846d992723b", "value": "Phishing for Information" }, { "description": "TBD", "meta": { "external_id": "T0005", "kill_chain": [ "cmtmf-attack:reconnaissance" ] }, "uuid": "d0140441-ebe0-4508-8572-ab91aa237980", "value": "Social Media Reports" }, { "description": "TBD", "meta": { "external_id": "T0006", "kill_chain": [ "cmtmf-attack:resource-development" ] }, "uuid": "a0224c49-b049-40eb-8012-e723c76aa841", "value": "Develop Capabilities" }, { "description": "TBD", "meta": { "external_id": "T0007", "kill_chain": [ "cmtmf-attack:resource-development" ] }, "uuid": "37fc2d12-0e65-4e6c-a55f-0a24f818c6cb", "value": "Obtain Capabilities" }, { 
"description": "TBD", "meta": { "external_id": "T0008", "kill_chain": [ "cmtmf-attack:resource-development" ] }, "uuid": "71f1f231-f14b-417d-aa5b-dd0bcb76eefb", "value": "Stage Capabilities" }, { "description": "TBD", "meta": { "external_id": "T0009", "kill_chain": [ "cmtmf-attack:resource-development" ] }, "uuid": "eb793a3a-ca08-43ea-bf56-da4d06d5f273", "value": "Compromise Accounts" }, { "description": "TBD", "meta": { "external_id": "T0010", "kill_chain": [ "cmtmf-attack:resource-development" ] }, "uuid": "51060d01-ef29-40ab-8965-8031d0941811", "value": "Acquire Infrastructure" }, { "description": "TBD", "meta": { "external_id": "T0011", "kill_chain": [ "cmtmf-attack:resource-development" ] }, "uuid": "53e344f4-fa6c-4d42-9c65-1ffe1e093120", "value": "Compromise Infrastructure" }, { "description": "TBD", "meta": { "external_id": "T0012", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "92ac46f5-4356-427a-8863-2de3f974713f", "value": "Exploit Public-Facing Application" }, { "description": "TBD", "meta": { "external_id": "T0013", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "dd601586-1102-4084-80ad-a6776d8e46b0", "value": "Malicious App from App Store" }, { "description": "TBD", "meta": { "external_id": "T0014", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "f43b9606-aa17-4c51-a26c-6bdba0440e4a", "value": "Malicious App from Third Party" }, { "description": "TBD", "meta": { "external_id": "T0016", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "d0140441-ebe0-4508-8572-ab91aa237980", "value": "Masquerade as Legitimate Application" }, { "description": "TBD", "meta": { "external_id": "T0017", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "a0224c49-b049-40eb-8012-e723c76aa841", "value": "Exploit via Charging Station or PC" }, { "description": "TBD", "meta": { "external_id": "T0018", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "37fc2d12-0e65-4e6c-a55f-0a24f818c6cb", "value": "Exploit via Radio 
Interfaces" }, { "description": "TBD", "meta": { "external_id": "T0019", "kill_chain": [ "cmtmf-attack:impact", "cmtmf-attack:initial-access", "cmtmf-attack:lateral-movement" ] }, "uuid": "71f1f231-f14b-417d-aa5b-dd0bcb76eefb", "value": "Rogue Cellular Base Station" }, { "description": "TBD", "meta": { "external_id": "T0020", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "eb793a3a-ca08-43ea-bf56-da4d06d5f273", "value": "Insider attacks and human errors" }, { "description": "TBD", "meta": { "external_id": "T0021", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "2781ceb6-fff9-4e0e-8e58-4c970911f87a", "value": "Trusted Relationship" }, { "description": "TBD", "meta": { "external_id": "T0022", "kill_chain": [ "cmtmf-attack:initial-access" ] }, "uuid": "fa6f94a8-d5f9-462a-883c-f5e4317a54dd", "value": "Supply Chain Compromise" }, { "description": "TBD", "meta": { "external_id": "T0023", "kill_chain": [ "cmtmf-attack:execution" ] }, "uuid": "870e8141-ad9a-435e-bf10-835d96348973", "value": "Native Code" }, { "description": "TBD", "meta": { "external_id": "T0024", "kill_chain": [ "cmtmf-attack:execution", "cmtmf-attack:privilege-escalation", "cmtmf-attack:persistence" ] }, "uuid": "7ac81844-d442-4d93-b922-59a44ca79454", "value": "Scheduled Task/Job" }, { "description": "TBD", "meta": { "external_id": "T0025", "kill_chain": [ "cmtmf-attack:execution" ] }, "uuid": "c1cffc56-217e-42cb-8330-49269dde8054", "value": "Command-Line Interface" }, { "description": "TBD", "meta": { "external_id": "T0026", "kill_chain": [ "cmtmf-attack:execution" ] }, "uuid": "a47e9e97-87f9-450e-84f0-ca628a33d0ce", "value": "Command and Scripting Interpreter" }, { "description": "TBD", "meta": { "external_id": "T0027", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": "3b3c1a0b-512c-44a7-93ea-1f64501acb4d", "value": "Boot or Logon Autostart Execution" }, { "description": "TBD", "meta": { "external_id": "T0028", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": 
"2cb0bb08-0ded-410d-b0de-baa5b6e65bf7", "value": "Foreground Persistence" }, { "description": "TBD", "meta": { "external_id": "T0029", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": "8f908951-f95f-4c23-bda1-124030df1478", "value": "Modify Cached Executable Code" }, { "description": "TBD", "meta": { "external_id": "T0032", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": "981fc4a0-f704-42d5-b938-e6d0428177d3", "value": "Compromise Application Executable" }, { "description": "TBD", "meta": { "external_id": "T0033", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": "ad487281-8e08-432e-ac8c-1012c1bd15e3", "value": "Modify OS Kernel or Boot Partition" }, { "description": "TBD", "meta": { "external_id": "T0034", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": "885fb448-33de-4223-b1ec-1c03a2e2f599", "value": "Event Triggered Execution" }, { "description": "TBD", "meta": { "external_id": "T0035", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": "de82ce3e-bbaf-4bbb-aa93-5a67d476c867", "value": "Spoofed radio network" }, { "description": "TBD", "meta": { "external_id": "T0036", "kill_chain": [ "cmtmf-attack:persistence" ] }, "uuid": "e999a2f8-96cc-41b4-8199-66afc4e19919", "value": "Infecting network nodes" }, { "description": "TBD", "meta": { "external_id": "T0037", "kill_chain": [ "cmtmf-attack:privilege-escalation" ] }, "uuid": "7b487a20-faa0-441d-8e31-44d872d12b3d", "value": "Code Injection" }, { "description": "TBD", "meta": { "external_id": "T0038", "kill_chain": [ "cmtmf-attack:privilege-escalation" ] }, "uuid": "5ce17e6a-44aa-415a-864e-c7b45409350e", "value": "Process Injection" }, { "description": "TBD", "meta": { "external_id": "T0040", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "546cf539-733a-45d2-b112-297e920bdfe5", "value": "Masquerading" }, { "description": "TBD", "meta": { "external_id": "T0041", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "59111ac3-8f51-4974-b72d-51ae64902b3d", "value": 
"Disguise Root/Jailbreak Indicators" }, { "description": "TBD", "meta": { "external_id": "T0042", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "20b446a7-214f-4709-80d3-6c1426b57a00", "value": "Evade Analysis Environment" }, { "description": "TBD", "meta": { "external_id": "T0043", "kill_chain": [ "cmtmf-attack:persistence", "cmtmf-attack:defense-evasion" ] }, "uuid": "2ce9d395-501f-4b7c-9106-14ac33c27765", "value": "Modify Trusted Execution Environment" }, { "description": "TBD", "meta": { "external_id": "T0044", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "2e04955b-296a-43cd-8994-ccd7ae882230", "value": "Obfuscated Files or Information" }, { "description": "TBD", "meta": { "external_id": "T0045", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "9b6de21d-8583-4efd-bcbc-3aa66b9dbf68", "value": "Suppress Application Icon" }, { "description": "TBD", "meta": { "external_id": "T0046", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "d166bb9a-63d0-4555-a571-eeaef97a39d1", "value": "Uninstall Malicious Application" }, { "description": "TBD", "meta": { "external_id": "T0047", "kill_chain": [ "cmtmf-attack:defense-evasion", "cmtmf-attack:initial-access" ] }, "uuid": "173d8221-a5b4-4efa-b3aa-902c6e7b7ead", "value": "Install Insecure or Malicious Configuration" }, { "description": "TBD", "meta": { "external_id": "T0048", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "a0ffe349-849b-4c6e-9f4c-10eef819d124", "value": "Geofencing" }, { "description": "TBD", "meta": { "external_id": "T0049", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "8b204308-e643-4fdb-a337-92d372bd917a", "value": "Shutdown Remote Device" }, { "description": "TBD", "meta": { "external_id": "T0050", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "f301abc6-6590-4ab2-93ef-d8ca435179c4", "value": "Exploitation for Defense Evasion" }, { "description": "TBD", "meta": { "external_id": "T0051", "kill_chain": [ 
"cmtmf-attack:defense-evasion" ] }, "uuid": "cf685f28-fc43-4cf6-b91c-9dbcc42ddc02", "value": "Security Audit Camouflage" }, { "description": "TBD", "meta": { "external_id": "T0052", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "30e03f2f-ae68-436f-b677-e41457def8ac", "value": "Overload Avoidance" }, { "description": "TBD", "meta": { "external_id": "T0053", "kill_chain": [ "cmtmf-attack:defense-evasion" ] }, "uuid": "36d3aadd-48e6-49e3-89b7-894074179059", "value": "Traffic Distribution" }, { "description": "TBD", "meta": { "external_id": "T0054", "kill_chain": [ "cmtmf-attack:credential-access" ] }, "uuid": "e26c80cd-6c94-4a17-bef6-272d5fdeec0d", "value": "URI Hijacking" }, { "description": "TBD", "meta": { "external_id": "T0056", "kill_chain": [ "cmtmf-attack:credential-access" ] }, "uuid": "eed66957-03d7-472e-bfce-7fbc833295af", "value": "Modify Authentication Process" }, { "description": "TBD", "meta": { "external_id": "T0057", "kill_chain": [ "cmtmf-attack:credential-access" ] }, "uuid": "5f26a03f-b603-46b1-a8ee-91eb02023059", "value": "Forced Authentication" }, { "description": "TBD", "meta": { "external_id": "T0058", "kill_chain": [ "cmtmf-attack:discovery" ] }, "uuid": "941608a1-3058-465f-91f0-ee4f2a40f81e", "value": "System Network Connections Discovery" }, { "description": "TBD", "meta": { "external_id": "T0059", "kill_chain": [ "cmtmf-attack:discovery" ] }, "uuid": "6e9807b1-2505-4ebe-a6f9-3348d3d60a2c", "value": "UE knocking" }, { "description": "TBD", "meta": { "external_id": "T0060", "kill_chain": [ "cmtmf-attack:discovery" ] }, "uuid": "eb40555d-aa7b-42d3-b998-b613460818b1", "value": "Internal Resource Search" }, { "description": "TBD", "meta": { "external_id": "T0061", "kill_chain": [ "cmtmf-attack:discovery" ] }, "uuid": "0753376d-1027-451a-b398-35e2700722d4", "value": "Network Sniffing" }, { "description": "TBD", "meta": { "external_id": "T0063", "kill_chain": [ "cmtmf-attack:lateral-movement" ] }, "uuid": 
"3a40f88e-bcf8-4b6e-919f-229ee48b5a1a", "value": "Abusing Inter-working Functionalities" }, { "description": "TBD", "meta": { "external_id": "T0064", "kill_chain": [ "cmtmf-attack:lateral-movement" ] }, "uuid": "5210f87e-7111-4f42-a941-de7649378670", "value": "Replication Through SMS" }, { "description": "TBD", "meta": { "external_id": "T0065", "kill_chain": [ "cmtmf-attack:lateral-movement" ] }, "uuid": "ef3eb056-73fa-405b-aa8c-f1777454c1c5", "value": "Replication Through Bluetooth" }, { "description": "TBD", "meta": { "external_id": "T0066", "kill_chain": [ "cmtmf-attack:lateral-movement" ] }, "uuid": "87ced388-2de0-4a71-b4b7-18de07d7aab7", "value": "Replication Through WLAN" }, { "description": "TBD", "meta": { "external_id": "T0067", "kill_chain": [ "cmtmf-attack:lateral-movement" ] }, "uuid": "c27db767-e8fa-4ff6-afe2-2b311bf6401d", "value": "Replication Through IP" }, { "description": "TBD", "meta": { "external_id": "T0068", "kill_chain": [ "cmtmf-attack:lateral-movement" ] }, "uuid": "063e1ff2-0af8-4431-b886-83463c5880a8", "value": "Exploit platform & service specific vulnerabilities" }, { "description": "TBD", "meta": { "external_id": "T0069", "kill_chain": [ "cmtmf-attack:collection", "cmtmf-attack:credential-access" ] }, "uuid": "2b5fd58f-09b6-4af9-a3d5-21e65617bf6f", "value": "Access Sensitive Data in Device Logs" }, { "description": "TBD", "meta": { "external_id": "T0070", "kill_chain": [ "cmtmf-attack:collection" ] }, "uuid": "831eb5b3-bcd9-4a1e-b587-bc0b4dc42059", "value": "Network Traffic Capture or Redirection" }, { "description": "TBD", "meta": { "external_id": "T0071", "kill_chain": [ "cmtmf-attack:collection" ] }, "uuid": "39aff570-7266-40d3-975e-a63838404a67", "value": "Network-specific identifiers" }, { "description": "TBD", "meta": { "external_id": "T0072", "kill_chain": [ "cmtmf-attack:collection" ] }, "uuid": "b706e308-6c75-457f-9d9f-fff37c60e1db", "value": "Network-specific data" }, { "description": "TBD", "meta": { "external_id": "T0073", 
"kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "17983470-8ddb-47d2-9675-e25371a1b1ad", "value": "Application Layer Protocol" }, { "description": "TBD", "meta": { "external_id": "T0074", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "0e114cd1-0f0e-4d5d-88e6-e7e31bb6040f", "value": "Communication via SMS" }, { "description": "TBD", "meta": { "external_id": "T0075", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "6581316b-abab-4791-8821-92837688ec7f", "value": "Communication via Bluetooth" }, { "description": "TBD", "meta": { "external_id": "T0076", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "99743297-6bd4-467e-8fca-841b43c88dd2", "value": "Communication via WLAN" }, { "description": "TBD", "meta": { "external_id": "T0077", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "284abb74-49be-4a51-85a0-a1f68286bca7", "value": "Exploit SS7 to Redirect Phone Calls/SMS" }, { "description": "TBD", "meta": { "external_id": "T0078", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "e6e16b6f-c692-4b21-8eb0-6c2890d6e28a", "value": "Exploit SS7 to Track Device Location" }, { "description": "TBD", "meta": { "external_id": "T0079", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "85e2973b-8b37-4811-9406-f0c4db9fe44d", "value": "SS7-based attacks" }, { "description": "TBD", "meta": { "external_id": "T0080", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "89005def-29bc-44cf-8002-e781b1596b1f", "value": "Diameter-based attacks" }, { "description": "TBD", "meta": { "external_id": "T0081", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "3d4c4144-9a7e-4e92-9a10-731a31013628", "value": "GTP-based attacks" }, { "description": "TBD", "meta": { "external_id": "T0082", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "47a84cf2-839e-4ff1-9de5-ee3314a5e173", "value": "NAS-based attacks" }, { "description": "TBD", "meta": { 
"external_id": "T0083", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "c474ff9d-92e5-47c3-af19-4fcb85827fa1", "value": "MEC-based attacks" }, { "description": "TBD", "meta": { "external_id": "T0084", "kill_chain": [ "cmtmf-attack:command-and-control" ] }, "uuid": "3f76efaa-8881-4dab-ae50-d298206301ab", "value": "Network Slice" }, { "description": "TBD", "meta": { "external_id": "T0085", "kill_chain": [ "cmtmf-attack:exfiltration" ] }, "uuid": "670cd16f-50a3-4fd3-8ca5-31bfaa1fd5ff", "value": "Automated Exfiltration" }, { "description": "TBD", "meta": { "external_id": "T0086", "kill_chain": [ "cmtmf-attack:exfiltration" ] }, "uuid": "d5f814f7-a53c-4747-b780-bd8e43364648", "value": "Data Encrypted" }, { "description": "TBD", "meta": { "external_id": "T0087", "kill_chain": [ "cmtmf-attack:exfiltration" ] }, "uuid": "ab3f1c6a-2b14-44e4-b27b-3b482204977f", "value": "Alternate Network Mediums" }, { "description": "TBD", "meta": { "external_id": "T0088", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "ae23f6b2-5c3a-4d0c-9fd7-cacffcc0f08b", "value": "Data Manipulation" }, { "description": "TBD", "meta": { "external_id": "T0089", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "b82d3bbc-7fa0-4e48-8075-76bc22f80503", "value": "Endpoint Denial of Service" }, { "description": "TBD", "meta": { "external_id": "T0090", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "ba42942b-7f37-4ff2-8fc8-0b640add131e", "value": "Carrier Billing Fraud" }, { "description": "TBD", "meta": { "external_id": "T0091", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "8f9ca72c-757c-4691-a779-921605c88a46", "value": "SMS Fraud" }, { "description": "TBD", "meta": { "external_id": "T0092", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "73b37857-106b-40cc-b539-00fe1b8aefe3", "value": "Manipulate Device Communication" }, { "description": "TBD", "meta": { "external_id": "T0093", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "b4682597-2daf-4ab2-b333-6af83de0771b", 
"value": "Jamming or Denial of Service" }, { "description": "TBD", "meta": { "external_id": "T0095", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "9df725d7-fe97-42da-9be8-da248393a5fa", "value": "Location Tracking" }, { "description": "TBD", "meta": { "external_id": "T0096", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "7d89bb73-00e6-436c-96d6-f444b8f2ac15", "value": "Identity Exploit" }, { "description": "TBD", "meta": { "external_id": "T0097", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "1ca0fa6e-0484-4e4f-a10e-857225bd4819", "value": "Network Denial of Service" }, { "description": "TBD", "meta": { "external_id": "T0098", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "0b6e114b-2ded-4bc5-84d2-25cc81e8724a", "value": "Resource Hijacking" }, { "description": "TBD", "meta": { "external_id": "T0099", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "939f6c9d-bdb4-4877-89f0-716e346ef012", "value": "SLA Breach" }, { "description": "TBD", "meta": { "external_id": "T0100", "kill_chain": [ "cmtmf-attack:impact" ] }, "uuid": "75c4e3c7-8501-446d-b362-4134d035f7fa", "value": "Customer Churn" } ], "version": 5 }