- More threats

5GSEC · Jan 8, 2024 · 25805ef · 25805ef
1 parent 599d5d1
commit 25805ef
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -60,7 +60,9 @@ references:
    | [Exploit Public-Facing Application](threats/mitre/exploitPublicFacingApplication.yaml) |  | High |  |[FGT1190](https://fight.mitre.org/techniques/FGT1190) |
    | [Exploit Semi-public Facing Application](threats/mitre/exploitSemiPublicFacingApplication.yaml) |  | High | [mitre/networkTraffic](actions/mitre/networkTraffic) |[FGT5029](https://fight.mitre.org/techniques/FGT5029) |
    | [Protocol Tunneling](threats/mitre/protocolTunnelling.yaml) | Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. | High | [mitre/encryptSensitiveInformation](actions/mitre/encryptSensitiveInformation), [mitre/networkTraffic](actions/mitre/networkTraffic) |[FGT1572.501](https://fight.mitre.org/techniques/FGT1572.501) |
+   | [Regitration of Malicious Network Functions](threats/mitre/registrationMaliciousNetworkFunctions.yaml) | An adversary, such as an insider to the MNO or vendor, could install a malicious NF into the core network, in order to launch other attacks or get access to information. | high | [mitre/networkSegmentation](actions/mitre/networkSegmentation) |[MITRE FiGHT](https://fight.mitre.org/techniques/FGT5006) |
    | [Rogue xApps unauthorized access](threats/mitre/rogueXappsUnauthAccess.yaml) | Malicious xApps may gain unauthorized access to near-RT RIC and E2 nodes | High | [mitre/credentialAccessProtection](actions/mitre/credentialAccessProtection), [mitre/networkSegmentation](actions/mitre/networkSegmentation) |[FGT5034](https://fight.mitre.org/techniques/FGT5034) |
+   | [Software Deployment Tools](threats/mitre/softwareDeploymentTools.yaml) | Adversaries may gain access to and use third-party software suites installed within an enterprise network, such as administration, monitoring, and deployment systems, to move laterally through the network. | High | [accuknox/preventPkgInstall](actions/accuknox/preventPkgInstall) |[FGT1072](https://fight.mitre.org/techniques/FGT1072) |
    | [SupplyChainCompromise](threats/mitre/supplyChainCompromise.yaml) | Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. | High |  |[FGT1195](https://fight.mitre.org/techniques/FGT51195) |
    | [Unauthorized access to Network Exposure Function (NEF) via token fraud](threats/mitre/unAuthAccessNEFTokenFraud.yaml) | An adversary controlling an (external) Application Function (AF) presents a fraudulent OAuth access token to access Network Exposure Function (NEF) services | High |  |[FGT5011](https://fight.mitre.org/techniques/FGT5011) |
    | [Valid Accounts](threats/mitre/validAccounts.yaml) |  | High |  |[FGT1078](https://fight.mitre.org/techniques/FGT1078) |

diff --git a/threats/mitre/registrationMaliciousNetworkFunctions.yaml b/threats/mitre/registrationMaliciousNetworkFunctions.yaml
@@ -0,0 +1,17 @@
+title: Regitration of Malicious Network Functions
+description: An adversary, such as an insider to the MNO or vendor, could install a malicious NF into the core network, in order to launch other attacks or get access to information.
+severity: high
+tags: [mitre, execution]
+detectionMethods: 
+mitigationMethods:
+   - name: networkSegmentation
+     tag: [mitre, m1030]
+     description: network segmentation
+     url: 
+securityActions:
+  - mitre/networkSegmentation
+securityIntentBinding: sample-si-binding.yaml
+preDeploymentConsiderations: #Anything that can be done in CI/CD pipelines that can alleviate this threat
+references:
+  - name: MITRE FiGHT
+    url: https://fight.mitre.org/techniques/FGT5006
diff --git a/threats/mitre/softwareDeploymentTools.yaml b/threats/mitre/softwareDeploymentTools.yaml
@@ -0,0 +1,20 @@
+title: Software Deployment Tools
+description: Adversaries may gain access to and use third-party software suites installed within an enterprise network, such as administration, monitoring, and deployment systems, to move laterally through the network.
+severity: High
+tags:
+  - oran
+  - 5gcore
+  - generic
+detectionMethods: # Mechanisms to detect the threat
+mitigationMethods: # Mechanisms to mitigate the threat
+   - name: preventPkgInstall
+     tag: [accuknox, akx0002]
+     description: prevent package install
+     url: 
+securityActions:
+  - accuknox/preventPkgInstall
+securityIntentBinding: # Set of labels, annotations describing workloads who would be impacted by this threat
+preDeploymentConsiderations: [ ] # Anything that can be done in CI/CD pipelines that can alleviate this threat
+references:
+  - name: FGT1072
+    url: https://fight.mitre.org/techniques/FGT1072