adam/cti
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a33e30b57de5898d3f1da96e07ef9e9725523cd6
cti/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
T
Isabel Tuson a33e30b57d ATT&CK v7.1
2020-07-13 09:47:00 -04:00

77 lines
4.5 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--fced4c58-f8e0-41a9-9328-cd871710c160",
"spec_version": "2.0",
"objects": [
{
"id": "attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"name": "Exploit SS7 to Redirect Phone Calls/SMS",
"description": "An adversary could exploit signaling system vulnerabilities to redirect calls or text messages (SMS) to a phone number under the attacker's control. The adversary could then act as a man-in-the-middle to intercept or manipulate the communication. (Citation: Engel-SS7) (Citation: Engel-SS7-2008) (Citation: 3GPP-Security) (Citation: Positive-SS7) (Citation: CSRIC5-WG10-FinalReport) Interception of SMS messages could enable adversaries to obtain authentication codes used for multi-factor authentication(Citation: TheRegister-SS7).",
"external_references": [
{
"source_name": "mitre-mobile-attack",
"url": "https://attack.mitre.org/techniques/T1449",
"external_id": "T1449"
},
{
"url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-37.html",
"source_name": "NIST Mobile Threat Catalogue",
"external_id": "CEL-37"
},
{
"source_name": "Engel-SS7",
"description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016.",
"url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf"
},
{
"source_name": "Engel-SS7-2008",
"description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016.",
"url": "https://www.youtube.com/watch?v=q0n5ySqbfdI"
},
{
"source_name": "3GPP-Security",
"description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016.",
"url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf"
},
{
"source_name": "Positive-SS7",
"description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016.",
"url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf"
},
{
"source_name": "CSRIC5-WG10-FinalReport",
"description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.",
"url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
},
{
"description": "Iain Thomson. (2017, May 3). After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts. Retrieved November 8, 2018.",
"url": "https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/",
"source_name": "TheRegister-SS7"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"type": "attack-pattern",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-mobile-attack",
"phase_name": "network-effects"
}
],
"modified": "2019-02-03T16:28:52.821Z",
"created": "2017-10-25T14:48:06.524Z",
"x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation as described by the Communications, Security, Reliability, and Interoperability Council (CSRIC). (Citation: CSRIC5-WG10-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.",
"x_mitre_platforms": [
"Android",
"iOS"
],
"x_mitre_tactic_type": [
"Without Adversary Device Access"
],
"x_mitre_version": "1.1",
"x_mitre_old_attack_id": "MOB-T1052"
}
]
}
Reference in New Issue View Git Blame Copy Permalink