mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
1674 lines
50 KiB
JSON
1674 lines
50 KiB
JSON
{
|
|
"authors": [
|
|
"MITRE"
|
|
],
|
|
"category": "data-source",
|
|
"description": "MITRE Five-G Hierarchy of Threats (FiGHT™) is a globally accessible knowledge base of adversary tactics and techniques that are used or could be used against 5G networks.",
|
|
"name": "MITRE FiGHT Data Sources",
|
|
"source": "https://fight.mitre.org/",
|
|
"type": "mitre-fight",
|
|
"uuid": "fb4410a1-5a39-4b30-934a-9cdfbcd4d2ad",
|
|
"values": [
|
|
{
|
|
"description": "Computer software that provides low-level control for the hardware and device(s) of a host, such as BIOS or UEFI/EFI",
|
|
"meta": {
|
|
"external_id": "DS0001",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0001"
|
|
]
|
|
},
|
|
"uuid": "b84fc79d-1ee0-53ef-89f3-2814d1b51365",
|
|
"value": "Firmware"
|
|
},
|
|
{
|
|
"description": "A profile representing a user, device, service, or application used to authenticate and access resources",
|
|
"meta": {
|
|
"external_id": "DS0002",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0002"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "2e9b67f3-da8f-5680-b4e1-092cb9fba4a9",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "0d675425-11e0-58a1-a076-bc39275c7c13",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9e8de070-7cbb-57d8-b0c4-9087088980d6",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "eed23463-a7b6-555c-a7bf-2c3832fb00d0",
|
|
"value": "User Account"
|
|
},
|
|
{
|
|
"description": "Automated tasks that can be executed at a specific time or on a recurring schedule running in the background (ex: Cron daemon, task scheduler, BITS)",
|
|
"meta": {
|
|
"external_id": "DS0003",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0003"
|
|
]
|
|
},
|
|
"uuid": "d7a0f5e9-2499-5a43-9066-9b3f799bc4a7",
|
|
"value": "Scheduled Job"
|
|
},
|
|
{
|
|
"description": "Information obtained (via shared or submitted samples) regarding malicious software (droppers, backdoors, etc.) used by adversaries",
|
|
"meta": {
|
|
"external_id": "DS0004",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0004"
|
|
]
|
|
},
|
|
"uuid": "0643ccf6-bf00-522e-889b-c5bf31cb2ecc",
|
|
"value": "Malware Repository"
|
|
},
|
|
{
|
|
"description": "The infrastructure for management data and operations that enables local and remote management of Windows personal computers and servers",
|
|
"meta": {
|
|
"external_id": "DS0005",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0005"
|
|
]
|
|
},
|
|
"uuid": "1a27ab14-5485-5cca-8e44-6ef239bee74b",
|
|
"value": "WMI"
|
|
},
|
|
{
|
|
"description": "Credential material, such as session cookies or tokens, used to authenticate to web applications and services",
|
|
"meta": {
|
|
"external_id": "DS0006",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0006"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "b8d58dd3-11e0-5118-b64e-7ae822cbf2cf",
|
|
"value": "Web Credential"
|
|
},
|
|
{
|
|
"description": "A single file used to deploy a virtual machine/bootable disk into an on-premise or third-party cloud environment",
|
|
"meta": {
|
|
"external_id": "DS0007",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0007"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "bb92bd94-2bba-507b-abf3-87c4c7efe70c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "9c89df80-284c-50bd-b53c-408ce950baa2",
|
|
"value": "Image"
|
|
},
|
|
{
|
|
"description": "A computer program, at the core of a computer OS, that resides in memory and facilitates interactions between hardware and software components",
|
|
"meta": {
|
|
"external_id": "DS0008",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0008"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "a5795746-77d6-5569-896a-b5a64745b1a0",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "2ba57b64-315a-54e9-a654-7780d104d173",
|
|
"value": "Kernel"
|
|
},
|
|
{
|
|
"description": "Instances of computer programs that are being executed by at least one thread. Processes have memory space for process executables, loaded modules (DLLs or shared libraries), and allocated memory regions containing everything from user input to application-specific data structures",
|
|
"meta": {
|
|
"external_id": "DS0009",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0009"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "ece5710d-4edb-5077-acb5-65ec7c7b6eb3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "2251c650-0578-5b11-ab47-d05f1166dc47",
|
|
"value": "Process"
|
|
},
|
|
{
|
|
"description": "Data object storage infrastructure hosted on-premise or by third-party providers, made available to users through network connections and/or APIs",
|
|
"meta": {
|
|
"external_id": "DS0010",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0010"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "161ce32c-ba13-5a01-b587-4d09ce59bf99",
|
|
"value": "Cloud Storage"
|
|
},
|
|
{
|
|
"description": "Executable files consisting of one or more shared classes and interfaces, such as portable executable (PE) format binaries/dynamic link libraries (DLL), executable and linkable format (ELF) binaries/shared libraries, and Mach-O format binaries/shared libraries",
|
|
"meta": {
|
|
"external_id": "DS0011",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0011"
|
|
]
|
|
},
|
|
"uuid": "391a9635-ef5e-5889-bce2-792f30889f7c",
|
|
"value": "Module"
|
|
},
|
|
{
|
|
"description": "A file or stream containing a list of commands, allowing them to be launched in sequence",
|
|
"meta": {
|
|
"external_id": "DS0012",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0012"
|
|
]
|
|
},
|
|
"uuid": "19b850ba-65df-55f7-941a-387126b2243e",
|
|
"value": "Script"
|
|
},
|
|
{
|
|
"description": "Information from host telemetry providing insights about system status, errors, or other notable functional activity",
|
|
"meta": {
|
|
"external_id": "DS0013",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0013"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6d098b34-48eb-5f31-88ac-0a1f8028541c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "f2f31e4d-69eb-52f7-b649-f140d4607865",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c412d167-075e-5ecf-84f5-624c4b44b253",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "5cbb4ceb-09b7-569d-b397-30ce5f6b99cb",
|
|
"value": "Sensor Health"
|
|
},
|
|
{
|
|
"description": "A single unit of shared resources within a cluster, comprised of one or more containers",
|
|
"meta": {
|
|
"external_id": "DS0014",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0014"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "41195cb9-821e-5ae3-8a07-ff966e809743",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "e133dc78-4dc5-5302-85b6-ad5c552803ad",
|
|
"value": "Pod"
|
|
},
|
|
{
|
|
"description": "Events collected by third-party services such as mail servers, web applications, or other appliances (not by the native OS or platform) Data sources with information about the set of devices found within the network, along with their current software and configurations",
|
|
"meta": {
|
|
"external_id": "DS0015",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0015"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "bc291a20-b999-5698-9282-d493c45b7e8f",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "31dbb269-1244-5113-a82e-15d3503c6c9a",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "193a90c2-215e-5340-9628-fade3b0d88a6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "bb92bd94-2bba-507b-abf3-87c4c7efe70c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e72f4c00-8cb5-5e2e-b2ef-24a4c5609efe",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "223ee7bf-9652-51e1-a73b-62beaf017d28",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "da7624f2-39c0-5684-a81b-d33b571811e8",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "1369b34e-f6b7-5549-bf07-560e65641726",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "b3ff1c97-374b-57b4-b58a-05a026d58889",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "41195cb9-821e-5ae3-8a07-ff966e809743",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "50ebe22e-551f-5940-84fb-bd8afa677022",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "08f36eb6-949f-5c5b-a21c-89632af4992e",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c7db9e6c-f847-5493-9906-ea167f5817f6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6fb09d9b-f462-5aff-857d-1ef31a4d4036",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e337b468-e4b9-52d0-91d9-988f7ed2d446",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "050010f3-0741-517b-a44b-e5c0384cd652",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "05e1f2ce-b171-541f-9dea-0356fa9eeb3b",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "27021503-2167-5be1-bb17-1c83a0f4dcc6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c91889e3-0989-54bc-9344-6d5c0841ff94",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "955b7c23-35a9-57df-a223-ed9d9b3d14ad",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "38a0f42d-caf7-50cc-b32f-7513019a8491",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "bd424f22-d5f4-53ee-b713-08cf49540c40",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "5bfb7a9c-d38d-530b-abf6-d6b9ac6cf065",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "f5d98e66-88a1-5187-b3f8-dfb943016b07",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "3c23d0f7-d55c-5891-90b9-c744e976f0ef",
|
|
"value": "Application Log"
|
|
},
|
|
{
|
|
"description": "A non-volatile data storage device (hard drive, floppy disk, USB flash drive) with at least one formatted partition, typically mounted to the file system and/or assigned a drive letter",
|
|
"meta": {
|
|
"external_id": "DS0016",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0016"
|
|
]
|
|
},
|
|
"uuid": "998f9588-1ed4-5fb5-87b2-affc4b526c26",
|
|
"value": "Drive"
|
|
},
|
|
{
|
|
"description": "A directive given to a computer program, acting as an interpreter of some kind, in order to perform a specific task",
|
|
"meta": {
|
|
"external_id": "DS0017",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0017"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "5070a116-df07-5ad9-a3d5-fc5c9f9cb198",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9e8de070-7cbb-57d8-b0c4-9087088980d6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "4041250a-4a28-5877-9817-e4846ec78c5e",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "b4de23d7-4248-56f9-9468-6d1217a5f7ff",
|
|
"value": "Command"
|
|
},
|
|
{
|
|
"description": "A network security system, running locally on an endpoint or remotely as a service (ex: cloud environment), that monitors and controls incoming/outgoing network traffic based on predefined rules",
|
|
"meta": {
|
|
"external_id": "DS0018",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0018"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "db54d004-c3b2-50ed-a591-314aa64c3cfe",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "0a3439d9-ff83-51cb-9661-65c311c87723",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "1ede7e7c-4b97-5bad-b45f-559cdc364c62",
|
|
"value": "Firewall"
|
|
},
|
|
{
|
|
"description": "A computer process that is configured to execute continuously in the background and perform system tasks, in some cases before any user has logged in",
|
|
"meta": {
|
|
"external_id": "DS0019",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0019"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "1036f262-8a54-5edc-8350-9406dd3e51ff",
|
|
"value": "Service"
|
|
},
|
|
{
|
|
"description": "A malicious online profile representing a user commonly used by adversaries to social engineer or otherwise target victims",
|
|
"meta": {
|
|
"external_id": "DS0021",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0021"
|
|
]
|
|
},
|
|
"uuid": "1e58fb95-79bb-5d97-aebb-15034f65a307",
|
|
"value": "Persona"
|
|
},
|
|
{
|
|
"description": "A computer resource object, managed by the I/O system, for storing data (such as images, text, videos, computer programs, or any wide variety of other media).",
|
|
"meta": {
|
|
"external_id": "DS0022",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0022"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6d098b34-48eb-5f31-88ac-0a1f8028541c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9e8de070-7cbb-57d8-b0c4-9087088980d6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "98bb572f-6298-5c69-b2ee-13d74dead58f",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c412d167-075e-5ecf-84f5-624c4b44b253",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "6151c447-21b5-5530-8760-375ac25fb3e8",
|
|
"value": "File"
|
|
},
|
|
{
|
|
"description": "Mechanisms that allow inter-process communication locally or over the network. A named pipe is usually found as a file and processes attach to it",
|
|
"meta": {
|
|
"external_id": "DS0023",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0023"
|
|
]
|
|
},
|
|
"uuid": "492a0108-b3e4-513a-94df-5bd3326babe0",
|
|
"value": "Named Pipe"
|
|
},
|
|
{
|
|
"description": "A Windows OS hierarchical database that stores much of the information and settings for software programs, hardware devices, user preferences, and operating-system configurations",
|
|
"meta": {
|
|
"external_id": "DS0024",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0024"
|
|
]
|
|
},
|
|
"uuid": "0d50799f-6d30-585a-861b-81b6e8b09ea4",
|
|
"value": "Windows Registry"
|
|
},
|
|
{
|
|
"description": "Infrastructure, platforms, or software that are hosted on-premise or by third-party providers, made available to users through network connections and/or APIs",
|
|
"meta": {
|
|
"external_id": "DS0025",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0025"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "dc2f1c60-eb57-5350-bb83-fc41d4ec3255",
|
|
"value": "Cloud Service"
|
|
},
|
|
{
|
|
"description": "A database and set of services that allows administrators to manage permissions, access to network resources, and stored data objects (user, group, application, or devices)",
|
|
"meta": {
|
|
"external_id": "DS0026",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0026"
|
|
]
|
|
},
|
|
"uuid": "b067aad0-1239-56f2-9087-61c4f52bce46",
|
|
"value": "Active Directory"
|
|
},
|
|
{
|
|
"description": "A computer program that operates or controls a particular type of device that is attached to a computer. Provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used",
|
|
"meta": {
|
|
"external_id": "DS0027",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0027"
|
|
]
|
|
},
|
|
"uuid": "25f40bcc-0618-5d0e-bc58-177a15ca37ea",
|
|
"value": "Driver"
|
|
},
|
|
{
|
|
"description": "Logon occurring on a system or resource (local, domain, or cloud) to which a user/device is gaining access after successful authentication and authorizaton",
|
|
"meta": {
|
|
"external_id": "DS0028",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0028"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "bb92bd94-2bba-507b-abf3-87c4c7efe70c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "2e9b67f3-da8f-5680-b4e1-092cb9fba4a9",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "5070a116-df07-5ad9-a3d5-fc5c9f9cb198",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "0d675425-11e0-58a1-a076-bc39275c7c13",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9e8de070-7cbb-57d8-b0c4-9087088980d6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "50ebe22e-551f-5940-84fb-bd8afa677022",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "bd424f22-d5f4-53ee-b713-08cf49540c40",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "5bfb7a9c-d38d-530b-abf6-d6b9ac6cf065",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "f5d98e66-88a1-5187-b3f8-dfb943016b07",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "859ecf98-b107-5a3a-886e-dfb46999fe09",
|
|
"value": "Logon Session"
|
|
},
|
|
{
|
|
"description": "Data transmitted across a network (ex: Web, DNS, Mail, File, etc.), that is either summarized (ex: Netflow) and/or captured as raw data in an analyzable format (ex: PCAP)",
|
|
"meta": {
|
|
"external_id": "DS0029",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0029"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "bc291a20-b999-5698-9282-d493c45b7e8f",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "bb92bd94-2bba-507b-abf3-87c4c7efe70c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e72f4c00-8cb5-5e2e-b2ef-24a4c5609efe",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "5dda31ba-0fe6-57b2-8023-684e76b5ea8b",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c5e6ab87-13d8-5643-bbfd-ff0ad7b0bb43",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "801f5dad-f3a6-5f2f-9ae5-c11d82006659",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "7204f27e-130a-5f8e-a146-be299759a0b1",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "5070a116-df07-5ad9-a3d5-fc5c9f9cb198",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "1f9f31c2-085b-5268-8dc8-31854ae51883",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "419a7291-db26-5987-b525-cacc5c09211c",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6e75a12d-9572-52b2-9305-48df6aee9f56",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9e8de070-7cbb-57d8-b0c4-9087088980d6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "50ebe22e-551f-5940-84fb-bd8afa677022",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "37523488-caf0-501a-8932-3a5e0792babf",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "324d139b-10ba-5228-9da1-61464a09a63a",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "45468bb6-5eb7-5f36-922a-5ee8f3da68d0",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c7db9e6c-f847-5493-9906-ea167f5817f6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "050010f3-0741-517b-a44b-e5c0384cd652",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "d1feaf56-ae8c-5726-b17b-0149ce7a91f7",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "4d8acf53-2350-5390-af4d-7ba1f5f9dc13",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "955b7c23-35a9-57df-a223-ed9d9b3d14ad",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "73d8dd2f-14f5-5774-8b7a-ca9712f63b91",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "38a0f42d-caf7-50cc-b32f-7513019a8491",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c6b2b946-0822-5890-9092-c08dcc7f3487",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "56a188ea-36f4-5322-bc12-899feac72eaa",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "8f866b4a-0347-509a-9f10-78af24f4ae8a",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "bd424f22-d5f4-53ee-b713-08cf49540c40",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "1bb0f047-9620-5b17-9600-67fde122add6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "a7d496b8-5fa7-5009-afdf-95f2e5ff0b82",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "8bb2a143-8c23-5de4-8c85-4b8df958ddc3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c7b888fb-5cff-5e2f-bb9a-1812b325f935",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "42ff8bbd-7d2d-5e77-991d-62e9f7e16500",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "b703c8f8-28b1-5fb3-8cbd-a1b154fddc68",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "69f88409-9eb0-522a-be97-8fd230c68ab5",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "4041250a-4a28-5877-9817-e4846ec78c5e",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "becdcf31-3d2a-53bb-8251-51e9da4a0df6",
|
|
"value": "Network Traffic"
|
|
},
|
|
{
|
|
"description": "A virtual server environment which runs workloads, hosted on-premise or by third-party cloud providers",
|
|
"meta": {
|
|
"external_id": "DS0030",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0030"
|
|
]
|
|
},
|
|
"uuid": "42a6b816-935b-5ff2-a975-7c5d2e097dc0",
|
|
"value": "Instance"
|
|
},
|
|
{
|
|
"description": "A set of containerized computing resources that are managed together but have separate nodes to execute various tasks and/or applications",
|
|
"meta": {
|
|
"external_id": "DS0031",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0031"
|
|
]
|
|
},
|
|
"uuid": "51bd1dc9-07ce-5db3-be83-d81f958ca756",
|
|
"value": "Cluster"
|
|
},
|
|
{
|
|
"description": "A standard unit of virtualized software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another",
|
|
"meta": {
|
|
"external_id": "DS0032",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0032"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "ece5710d-4edb-5077-acb5-65ec7c7b6eb3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "223ee7bf-9652-51e1-a73b-62beaf017d28",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "41195cb9-821e-5ae3-8a07-ff966e809743",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "953fe631-28f3-539a-9ec6-0119fbba6208",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "ec826f62-f75d-54a6-ad04-6b19f808283f",
|
|
"value": "Container"
|
|
},
|
|
{
|
|
"description": "A storage resource (typically a folder or drive) made available from one host to others using network protocols, such as Server Message Block (SMB) or Network File System (NFS)",
|
|
"meta": {
|
|
"external_id": "DS0033",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0033"
|
|
]
|
|
},
|
|
"uuid": "d07c9f37-25bd-5791-9345-387f9e85447b",
|
|
"value": "Network Share"
|
|
},
|
|
{
|
|
"description": "Block object storage hosted on-premise or by third-party providers, typically made available to resources as virtualized hard drives",
|
|
"meta": {
|
|
"external_id": "DS0034",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0034"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "ece5710d-4edb-5077-acb5-65ec7c7b6eb3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e347167e-d1f5-5309-a052-e8517cb4f476",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "656442c9-cfef-567b-8ee3-8df729d3eff2",
|
|
"value": "Volume"
|
|
},
|
|
{
|
|
"description": "Information obtained (commonly via active network traffic probes or web crawling) regarding various types of resources and servers connected to the public Internet",
|
|
"meta": {
|
|
"external_id": "DS0035",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0035"
|
|
]
|
|
},
|
|
"uuid": "1ee74f27-44e6-5b4b-9933-87c807467d03",
|
|
"value": "Internet Scan"
|
|
},
|
|
{
|
|
"description": "A collection of multiple user accounts that share the same access rights to the computer and/or network resources and have common security rights",
|
|
"meta": {
|
|
"external_id": "DS0036",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0036"
|
|
]
|
|
},
|
|
"uuid": "62242e98-bd7f-5564-bbd7-6063bf8c6fa0",
|
|
"value": "Group"
|
|
},
|
|
{
|
|
"description": "A digital document, which highlights information such as the owner's identity, used to instill trust in public keys used while encrypting network communications",
|
|
"meta": {
|
|
"external_id": "DS0037",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0037"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "49b5f184-6fbb-5082-ac82-eaef61937c12",
|
|
"value": "Certificate"
|
|
},
|
|
{
|
|
"description": "Information obtained (commonly through registration or activity logs) regarding one or more IP addresses registered with human readable names (ex: mitre.org)",
|
|
"meta": {
|
|
"external_id": "DS0038",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0038"
|
|
]
|
|
},
|
|
"uuid": "05ae5ab2-e94d-5439-abc9-e1603e43f33b",
|
|
"value": "Domain Name"
|
|
},
|
|
{
|
|
"description": "Monitoring ability to detect new ports, devices on the network",
|
|
"meta": {
|
|
"external_id": "DS0039",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0039"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "69f88409-9eb0-522a-be97-8fd230c68ab5",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "74329f64-d1b9-5cc2-95a6-f924acadba2b",
|
|
"value": "Asset"
|
|
},
|
|
{
|
|
"description": "Operational databases contain information about the status of the operational process and associated devices, including any measurements, events, history, or alarms that have occurred",
|
|
"meta": {
|
|
"external_id": "DS0040",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/DS0040"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "e68305ff-66cd-561c-ad2a-ec52af816e49",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "01ff78f1-27a8-553e-bc67-299a1a9203d1",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "22bdace6-45b5-553b-9391-00a9b800d218",
|
|
"value": "Operational Databases"
|
|
},
|
|
{
|
|
"description": "RF spectrum monitoring equipment, optionally including direction finding and geolocation",
|
|
"meta": {
|
|
"external_id": "FGDS5001",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5001"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "a197ad7f-265d-5d5f-afe3-da6a33bedbc9",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "975233cb-58b4-5ed0-ba6b-0989d39904f6",
|
|
"value": "RF Spectrum Monitor"
|
|
},
|
|
{
|
|
"description": "UE measurements of received power levels from all base stations nearby. Report to operator gNB radio signals (sent to all UEs to enable them to select gNB and connect) received at a given UE",
|
|
"meta": {
|
|
"external_id": "FGDS5002",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5002"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "125336d2-ca71-57b5-a46e-faca5013c555",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "e1e65d1c-788e-587c-b4ba-6cf7a05cd067",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "98509c8f-fa9a-5306-90fe-eb2d2050f2b9",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "68dc47f0-fd8a-5b9e-82c4-f728f425bcc1",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9493634f-2d0d-5f25-9c3e-be342453bd6d",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "8d6964fb-fab4-525a-93ce-f5a1d436d8eb",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "fa9ee8fb-7f25-554c-9682-0e50e774812d",
|
|
"value": "UE signal measurements"
|
|
},
|
|
{
|
|
"description": "Audit charging system records for anomaly",
|
|
"meta": {
|
|
"external_id": "FGDS5003",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5003"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "7204f27e-130a-5f8e-a146-be299759a0b1",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "afb4b3e2-3b27-558f-8b93-cc7d52847880",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "1725d4c2-fee4-55e5-a49b-12fce10c0a1c",
|
|
"value": "Charging anomaly"
|
|
},
|
|
{
|
|
"description": "Scan voice calls for certain amount of losses to detect if the call is made over internet (IP)",
|
|
"meta": {
|
|
"external_id": "FGDS5004",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5004"
|
|
]
|
|
},
|
|
"uuid": "ffc31b05-0f95-5f65-9fc5-7de201e2b468",
|
|
"value": "Scan voice calls"
|
|
},
|
|
{
|
|
"description": "Keep track of SIM cards with unusual pattern",
|
|
"meta": {
|
|
"external_id": "FGDS5005",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5005"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "546fe007-3842-55ef-a805-98bcd7f3ad8d",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "0821a970-9001-51cc-8568-1d0b35f7ec61",
|
|
"value": "SIM card pattern"
|
|
},
|
|
{
|
|
"description": "Monitor for excessive data usage; including using AI/ML",
|
|
"meta": {
|
|
"external_id": "FGDS5006",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5006"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "e1f9e40f-2345-5140-bf1f-4d53e69451f8",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "77711215-9211-570f-90bf-4e441126c231",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "f6a1601e-dab5-5382-88a5-c64c8d34570f",
|
|
"value": "UE data usage"
|
|
},
|
|
{
|
|
"description": "Number of access requests received from UEs (or a single UE) at the gNB. Keep track to avoid overload.",
|
|
"meta": {
|
|
"external_id": "FGDS5007",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5007"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "053c159a-7cd4-54d3-b4fd-4b644abe25e2",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "053c159a-7cd4-54d3-b4fd-4b644abe25e2",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "654fe97f-0d42-55e8-9295-92ab625315bd",
|
|
"value": "UE access requests"
|
|
},
|
|
{
|
|
"description": "Leaking IR.21 information on the Internet can be found",
|
|
"meta": {
|
|
"external_id": "FGDS5008",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5008"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "a52fef9e-78f3-525a-93ed-21281dfc9165",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "0e87addc-6d6d-534c-bbd6-ee0ac7416c5e",
|
|
"value": "Search Internet for leaks"
|
|
},
|
|
{
|
|
"description": "Maintain logs of access to operator O&M resources like IR.21 databases.",
|
|
"meta": {
|
|
"external_id": "FGDS5009",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5009"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "a52fef9e-78f3-525a-93ed-21281dfc9165",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "c495a257-7155-54b2-abf8-86d87cf5693e",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "48956a40-c7df-5979-b4d3-4846eef3e0bb",
|
|
"value": "Access to operator resource"
|
|
},
|
|
{
|
|
"description": "UE transitions from 5GS to 4G/EPS with less or no security",
|
|
"meta": {
|
|
"external_id": "FGDS5010",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5010"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "339962a1-33fa-57b3-be62-29fee78e33ce",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "0551e810-74ac-5a51-82c1-abaebeb3dfd4",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9c0ebe3d-6a66-5914-83a1-0adcdbbe878b",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "d8cdf251-95c8-5624-bf93-4b468c59011f",
|
|
"value": "UE transition to less secure service"
|
|
},
|
|
{
|
|
"description": "Subscriber notifies service provider about DoS attack or other issues",
|
|
"meta": {
|
|
"external_id": "FGDS5011",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5011"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "bd995aff-6175-5cef-a78a-652632ab62f8",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "6e09e20a-1d87-5aed-95e4-bf7042bb29bd",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "77711215-9211-570f-90bf-4e441126c231",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "b7d97abb-011a-5c34-b1e6-fb52dad3c728",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "d753b96b-6097-546e-bfc0-e64c588eec13",
|
|
"value": "Subscriber notify provider"
|
|
},
|
|
{
|
|
"description": "Security Incident and event monitoring. Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed",
|
|
"meta": {
|
|
"external_id": "FGDS5012",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5012"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9b4ab0a5-6569-5ce5-ac35-4f632ad26368",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "43f379c1-07a7-5d2d-beac-368ceedf469a",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "82950003-cd95-54ed-8988-4ad75642e467",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "51c9dce1-3901-5469-8840-ea8bc24e1703",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "f2f31e4d-69eb-52f7-b649-f140d4607865",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "7a823dc9-a6c0-5d4f-95ca-b13ba57696df",
|
|
"value": "SIEM"
|
|
},
|
|
{
|
|
"description": "The UE can tell that there is a 5G cell site that it can hear, but if it eventually gets connected to a 4G cell site",
|
|
"meta": {
|
|
"external_id": "FGDS5013",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5013"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "f496a628-bfe9-51ec-8ebf-d78cfe752c7c",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "a840f248-f516-5dc6-b79e-941abf405905",
|
|
"value": "UE connecting to 4G"
|
|
},
|
|
{
|
|
"description": "Analyze SDN logs to detect unauthorized activity",
|
|
"meta": {
|
|
"external_id": "FGDS5014",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5014"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "92ee2205-3046-5a74-9f0c-10db329f2bc3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "619948ee-a419-5a48-b69b-d9bcc4ef5e37",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "0aac4d25-bafb-5d52-9352-6ff5eb09e66f",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "6a72edd8-428c-5a31-8f36-1ccee776ff19",
|
|
"value": "SDN Access Logs"
|
|
},
|
|
{
|
|
"description": "Automated hash verification of images",
|
|
"meta": {
|
|
"external_id": "FGDS5015",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5015"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "21ae9651-77b5-56ac-9c1c-aa3e8dbb2bf2",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "a7c41c90-2b84-5690-a75f-d59147880219",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "821bf2ff-d027-502a-966b-353d414a4b01",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "8bb2a143-8c23-5de4-8c85-4b8df958ddc3",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "9325a5c1-d001-53cc-b556-749181f60f6a",
|
|
"value": "Image verification"
|
|
},
|
|
{
|
|
"description": "Verify payload for GTP-U encapsulated packets",
|
|
"meta": {
|
|
"external_id": "FGDS5016",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5016"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "1bb0f047-9620-5b17-9600-67fde122add6",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "a7d496b8-5fa7-5009-afdf-95f2e5ff0b82",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "d1c31410-6e09-5596-a3f4-845be02da979",
|
|
"value": "Payload checking"
|
|
},
|
|
{
|
|
"description": "Monitor gNB and core network logs for NULL scheme usage for SUCI protection.",
|
|
"meta": {
|
|
"external_id": "FGDS5017",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5017"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "0fb6c06a-2c2e-5d38-85c3-bf0646f73e7d",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "83cbc882-1b4a-5dd1-ae14-f49c7bb44eb9",
|
|
"value": "Monitor null scheme usage"
|
|
},
|
|
{
|
|
"description": "Monitor provisioning logs in core network for changes in home network public key and home PLMN ID.",
|
|
"meta": {
|
|
"external_id": "FGDS5018",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5018"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "0fb6c06a-2c2e-5d38-85c3-bf0646f73e7d",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "2e2e96ee-57ab-594a-b4b4-ac98bc0255a7",
|
|
"value": "Monitor provisioning logs"
|
|
},
|
|
{
|
|
"description": "Monitor when UE makes emergency call or when UE is moved to eNB in NSA mode.",
|
|
"meta": {
|
|
"external_id": "FGDS5019",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5019"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "0fb6c06a-2c2e-5d38-85c3-bf0646f73e7d",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "57ca692f-8e22-5cc4-999c-391c2ad149f0",
|
|
"value": "Monitor operations logs"
|
|
},
|
|
{
|
|
"description": "Monitor gNB logs for unplanned network service outages.",
|
|
"meta": {
|
|
"external_id": "FGDS5020",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5020"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "9ab2ef09-66e5-5f94-9e95-0a46be5d2642",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "81069d9a-ad01-507c-851c-c0e3d8b28c03",
|
|
"value": "Monitor unplanned service outage"
|
|
},
|
|
{
|
|
"description": "Monitor all 3rd party application onboarding processes and use host scanning to detect malware insertions.",
|
|
"meta": {
|
|
"external_id": "FGDS5021",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5021"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "b106e8ff-3bd2-5295-bbce-e8cecf59aa15",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "29b8c27c-eacf-526c-afbc-09e413e0c7c1",
|
|
"value": "Monitor 3rd party application onboarding"
|
|
},
|
|
{
|
|
"description": "Monitor if any security configurations have been downgraded to weak or no security.",
|
|
"meta": {
|
|
"external_id": "FGDS5022",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5022"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "d3c6705c-75d8-5243-93c2-37052321b3b8",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "86a7c7b0-39ac-5e29-9fbd-063f70fcc7fc",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "10ca0edd-033d-5bb2-a4f7-27fc5f5ca2f8",
|
|
"value": "Monitor security configurations"
|
|
},
|
|
{
|
|
"description": "Run at the UE side an application/tool to detect received silent SMS messages",
|
|
"meta": {
|
|
"external_id": "FGDS5102",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5102"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "1f38842c-f33b-559a-b8d1-a122444b3a7e",
|
|
"type": "detects"
|
|
},
|
|
{
|
|
"dest-uuid": "9493634f-2d0d-5f25-9c3e-be342453bd6d",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "1e78650b-fab0-508c-b55e-a5c69be5b3df",
|
|
"value": "Silent SMS detector"
|
|
},
|
|
{
|
|
"description": "Automated policy compliance checks",
|
|
"meta": {
|
|
"external_id": "FGDS5023",
|
|
"kill_chain": [],
|
|
"refs": [
|
|
"https://fight.mitre.org/data%sources/FGDS5023"
|
|
]
|
|
},
|
|
"related": [
|
|
{
|
|
"dest-uuid": "f2f31e4d-69eb-52f7-b649-f140d4607865",
|
|
"type": "detects"
|
|
}
|
|
],
|
|
"uuid": "98132164-af5d-57b9-9319-5ee110bcc541",
|
|
"value": "Audit policy violation"
|
|
}
|
|
],
|
|
"version": 1
|
|
}
|