Data collection for threat analytics

Question

Data collection for threat analytics

Opened this issue 2 years ago · 3 comments

MatejKovacic commented 2 years ago

Data to be collected (and example of data):

PDU type: SMS-DELIVER
Local date and time: 3/24/2023 18:28:20 GMT+3
UTC date and time: 3/24/2023 16:28:20 UTC
To number: +386 41 123 456 (if user has several SIM cards, (not yet implemented))
IMSI number of a SIM card (at least part describing country and mobile operator of a SIM card, (not yet implemented))
SMSC: +386 11 000 111
From: +386 30 789 321
From (display): +38630789321
From port: 0
To port: 37273
Msg (from TP-User-Data): 846853
Payload: 087...033
Data (hex): 003...300
User location - requires location permission: (unavailable/GPS - (not yet implemented))
Unique device ID: (not yet implemented)
Sent to server: TRUE/FALSE (not yet implemented)
All info data field: (see current field)
Technical data about network and mobile signal - country, operator, brand see this, MCC, MNC, LAC, CID, ARFCN, bsic for GSM, psc for WCDMA, pci for LTE, LON+LAT, signal level (asu, integer, dBm), signal type: (see this code (not yet implemented))

Not all this data should be sent to server, but it should be shown to user when silent SMS is detected.

Answer 1 · 2023-03-26T18:22:03.000Z

Example of received silent SMS screen view (mockup):

Answer 2 · 2024-12-08T19:22:31.000Z

Hi Matej,
Hope you are well. Is this project still alive and have you managed to get it to send the technical info back yet (device gos location and base gps location)?

Answer 3 · 2024-12-18T13:25:18.000Z

Sorry, no. I am working on other things, so this project is a little stalled now.