From 9b6ae19fc0b6e152646a4a757635db002b3e5f82 Mon Sep 17 00:00:00 2001 From: Shiv Bhagavatula Date: Mon, 8 Jan 2024 17:39:13 +0530 Subject: [PATCH] - More files --- README.md | 1 + threats/mitre/gNodeBComponentManipulation.yaml | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 threats/mitre/gNodeBComponentManipulation.yaml diff --git a/README.md b/README.md index b1a8f08..321f253 100644 --- a/README.md +++ b/README.md 
@@ -59,6 +59,7 @@ references: | [DNS Manipulation](threats/mitre/dnsManipulation.yaml) | An adversary can manipulate DNS requests to redirect network traffic and potentially reveal end user activity. | high | [accuknox/preventLocalDNSHijack](actions/accuknox/preventLocalDNSHijack), [mitre/integrityProtection](actions/mitre/integrityProtection), [mitre/networkTraffic](actions/mitre/networkTraffic) |[MITRE FiGHT](https://fight.mitre.org/techniques/FGT5006) | | [Exploit Public-Facing Application](threats/mitre/exploitPublicFacingApplication.yaml) | | High | |[FGT1190](https://fight.mitre.org/techniques/FGT1190) | | [Exploit Semi-public Facing Application](threats/mitre/exploitSemiPublicFacingApplication.yaml) | | High | [mitre/networkTraffic](actions/mitre/networkTraffic) |[FGT5029](https://fight.mitre.org/techniques/FGT5029) | + | [gNodeB Component Manipulation](threats/mitre/gNodeBComponentManipulation.yaml) | An adversary may compromise a component of gNodeB to affect radio network configuration | high | |[MITRE FiGHT](https://fight.mitre.org/techniques/FGT5032) | | [Protocol Tunneling](threats/mitre/protocolTunnelling.yaml) | Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. | High | [mitre/encryptSensitiveInformation](actions/mitre/encryptSensitiveInformation), [mitre/networkTraffic](actions/mitre/networkTraffic) |[FGT1572.501](https://fight.mitre.org/techniques/FGT1572.501) | | [Regitration of Malicious Network Functions](threats/mitre/registrationMaliciousNetworkFunctions.yaml) | An adversary, such as an insider to the MNO or vendor, could install a malicious NF into the core network, in order to launch other attacks or get access to information. 
| high | [mitre/networkSegmentation](actions/mitre/networkSegmentation) |[MITRE FiGHT](https://fight.mitre.org/techniques/FGT5006) | | [Rogue xApps unauthorized access](threats/mitre/rogueXappsUnauthAccess.yaml) | Malicious xApps may gain unauthorized access to near-RT RIC and E2 nodes | High | [mitre/credentialAccessProtection](actions/mitre/credentialAccessProtection), [mitre/networkSegmentation](actions/mitre/networkSegmentation) |[FGT5034](https://fight.mitre.org/techniques/FGT5034) | diff --git a/threats/mitre/gNodeBComponentManipulation.yaml b/threats/mitre/gNodeBComponentManipulation.yaml new file mode 100644 index 0000000..ea66691 --- /dev/null +++ b/threats/mitre/gNodeBComponentManipulation.yaml @@ -0,0 +1,12 @@ +title: gNodeB Component Manipulation +description: An adversary may compromise a component of gNodeB to affect radio network configuration +severity: high +tags: [mitre, initial-access] +detectionMethods: +mitigationMethods: +securityActions: +securityIntentBinding: sample-si-binding.yaml +preDeploymentConsiderations: #Anything that can be done in CI/CD pipelines that can alleviate this threat +references: + - name: MITRE FiGHT + url: https://fight.mitre.org/techniques/FGT5032
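Review bot: In the README.md hunk, the added "gNodeB Component Manipulation" row leaves the actions column empty and is formatted differently from the rows directly around it. The two rows above it write the severity as "High" and use the technique ID as the link text (FGT1190, FGT5029), while the new row uses "high" and "MITRE FiGHT". Suggest writing the severity as "High" and labelling the link "FGT5032" so the table reads uniformly. If any of the actions already referenced by other rows (for example mitre/integrityProtection or mitre/networkSegmentation) applies to this threat, link it here. Otherwise the row documents a high-severity threat with no mitigation a reader can follow.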
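Review bot: In the new threats/mitre/gNodeBComponentManipulation.yaml, the keys detectionMethods, mitigationMethods, securityActions and preDeploymentConsiderations are all left without a value, so a YAML parser loads each as null rather than as an empty list, and the file records a high-severity threat with no detection or mitigation content. Suggest either filling these in before merge or writing them explicitly as "[]" so consumers that iterate over them do not have to special-case null. Also, "securityIntentBinding: sample-si-binding.yaml" reads like a placeholder name: please confirm that file exists in the repository and is the binding intended for this threat, or drop the key until a real binding is available.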