SCOR SPACE-SHIELD Techniques
ESA SPACE-SHIELD Techniques adapted to SCOR namespace. Each technique is mapped to one or more tactics, aligning with the ESA matrix structure.
Authors
| Authors and/or Contributors |
|---|
| H4CK32N4U75® |
In-orbit proximity intelligence
Gather intelligence on nearby space assets through proximity operations or sensors to support later attack phases.
Internal MISP references
UUID 1840fcc7-a24a-48ce-990b-b6f354cfcf64 which can be used as unique global reference for In-orbit proximity intelligence in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1001 |
| shortname | in-orbit-proximity-intelligence |
| tactics | ['TA0043'] |
RF/Optical interception
Intercept communication links using RF or optical ground/space assets, passively collecting TM/TC traffic.
Internal MISP references
UUID 396b4b8f-b995-41d2-9444-a610e914b387 which can be used as unique global reference for RF/Optical interception in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1002 |
| shortname | rf-optical-interception |
| tactics | ['TA0043'] |
Compromise ground segment
Obtain access to mission control or ground station systems through intrusion or insider compromise.
Internal MISP references
UUID 67be1b14-42d6-43aa-bd03-8ac65501ad87 which can be used as unique global reference for Compromise ground segment in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1003 |
| shortname | compromise-ground-segment |
| tactics | ['TA0001'] |
Exploit RF command link
Exploit weak or unencrypted TT&C links to send malicious commands or replay legitimate commands.
Internal MISP references
UUID ec25db8a-d247-4524-8525-add6f14ebf54 which can be used as unique global reference for Exploit RF command link in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1004 |
| shortname | exploit-rf-command-link |
| tactics | ['TA0001'] |
Payload hijack
Gain unauthorized control of spacecraft payloads by manipulating command channels or onboard processors.
Internal MISP references
UUID cfb3d53f-b161-420b-aad6-033367169715 which can be used as unique global reference for Payload hijack in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1005 |
| shortname | payload-hijack |
| tactics | ['TA0002', 'TA0008'] |
Malicious telecommand injection
Inject unauthorized telecommands into TT&C to alter spacecraft behavior.
Internal MISP references
UUID ef52bd00-b343-4163-b6c9-8a81a1b9de27 which can be used as unique global reference for Malicious telecommand injection in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1006 |
| shortname | malicious-telecommand-injection |
| tactics | ['TA0002'] |
Insert pre-launch backdoor
Introduce malicious code, firmware, or hardware before launch to maintain access post-launch.
Internal MISP references
UUID 90c30639-78f9-4704-b5f3-b040bd4ac8f8 which can be used as unique global reference for Insert pre-launch backdoor in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1007 |
| shortname | insert-prelaunch-backdoor |
| tactics | ['TA0003'] |
Modify onboard software
Alter flight or payload software to maintain persistence or enable later privilege escalation.
Internal MISP references
UUID bfa4f8ea-f5d4-4e26-83f9-49979bea8deb which can be used as unique global reference for Modify onboard software in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1008 |
| shortname | modify-onboard-software |
| tactics | ['TA0003'] |
Privilege escalation through bus hierarchy
Exploit weaknesses in bus arbitration or priority to gain higher-level access.
Internal MISP references
UUID 31cc665e-f9c8-4f66-9ea5-079f71e29d9f which can be used as unique global reference for Privilege escalation through bus hierarchy in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1009 |
| shortname | bus-privilege-escalation |
| tactics | ['TA0004'] |
Bypass TT&C authentication
Exploit weak or absent authentication to access command uplinks.
Internal MISP references
UUID 925c853b-9132-4522-b696-e9463680e91f which can be used as unique global reference for Bypass TT&C authentication in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1010 |
| shortname | bypass-ttc-auth |
| tactics | ['TA0005'] |
Tamper with detection logs
Delete or alter on-board and ground telemetry logs to evade detection.
Internal MISP references
UUID 9bdddef9-f88e-4d4b-a419-73edc53e3300 which can be used as unique global reference for Tamper with detection logs in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1011 |
| shortname | tamper-detection-logs |
| tactics | ['TA0005'] |
Cryptographic key theft
Obtain TT&C or payload encryption keys through interception, insider activity, or exploitation of key management.
Internal MISP references
UUID b8b4e0d3-0c89-463c-8913-77b07bef6ebd which can be used as unique global reference for Cryptographic key theft in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1012 |
| shortname | key-theft |
| tactics | ['TA0006'] |
Memory dump analysis
Extract credentials or keys from spacecraft or ground segment memory dumps.
Internal MISP references
UUID 7465f6ef-a771-48e9-8416-86dc58540bfb which can be used as unique global reference for Memory dump analysis in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1013 |
| shortname | memory-dump-analysis |
| tactics | ['TA0006'] |
Onboard topology enumeration
Enumerate internal buses, payload interfaces, and control logic for attack path planning.
Internal MISP references
UUID 261fa9d9-ccd0-40e8-a1b2-21431dc0b170 which can be used as unique global reference for Onboard topology enumeration in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1014 |
| shortname | onboard-topology-enum |
| tactics | ['TA0007'] |
Downlink sniffing
Collect telemetry and payload data from downlink channels to identify exploitable behavior.
Internal MISP references
UUID b1763ea9-8fe4-4be1-be9c-233163f3a4b5 which can be used as unique global reference for Downlink sniffing in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1015 |
| shortname | downlink-sniffing |
| tactics | ['TA0007'] |
Pivot from payload to platform
Move laterally from compromised payload processors to the main platform control domain.
Internal MISP references
UUID 51d93509-3a65-4e09-b211-462a7ae05480 which can be used as unique global reference for Pivot from payload to platform in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1016 |
| shortname | payload-to-platform-pivot |
| tactics | ['TA0008'] |
Relay through compromised ground node
Use compromised ground stations as relays to other spacecraft or missions.
Internal MISP references
UUID e5dc7985-e691-406f-9e24-f337015e8f75 which can be used as unique global reference for Relay through compromised ground node in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1017 |
| shortname | ground-relay-lateral |
| tactics | ['TA0008'] |
Downlink data harvesting
Intercept and collect unencrypted telemetry and payload data streams.
Internal MISP references
UUID ee409d71-cac5-4fd5-9b35-0d6fb98e5c30 which can be used as unique global reference for Downlink data harvesting in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1018 |
| shortname | downlink-data-harvest |
| tactics | ['TA0009'] |
Payload data tampering
Alter or replace collected payload data to mislead operators or users.
Internal MISP references
UUID 6319c6d5-b429-4d6c-a60d-750257d922bd which can be used as unique global reference for Payload data tampering in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1019 |
| shortname | payload-data-tamper |
| tactics | ['TA0009', 'TA0040'] |
TM channel exfiltration
Use TM downlink to exfiltrate sensitive data from the spacecraft.
Internal MISP references
UUID 55f3605e-e002-4ecf-83b7-3a9f2a4a540b which can be used as unique global reference for TM channel exfiltration in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1020 |
| shortname | tm-exfiltration |
| tactics | ['TA0010'] |
Payload channel exfiltration
Use payload mission data downlinks to smuggle exfiltrated data.
Internal MISP references
UUID ca2f462a-3731-4bfb-992e-80cfb09fb673 which can be used as unique global reference for Payload channel exfiltration in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1021 |
| shortname | payload-exfiltration |
| tactics | ['TA0010'] |
RF C2 uplink
Establish command and control over the RF command uplink.
Internal MISP references
UUID 427849ba-520f-4755-93ef-0cf3eb8aafd6 which can be used as unique global reference for RF C2 uplink in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1022 |
| shortname | rf-c2-uplink |
| tactics | ['TA0011'] |
Optical C2 uplink
Use optical or laser uplinks for covert C2 channels.
Internal MISP references
UUID e7d6d504-7b2c-4901-b0e7-8e491e6019c7 which can be used as unique global reference for Optical C2 uplink in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1023 |
| shortname | optical-c2-uplink |
| tactics | ['TA0011'] |
Jamming
Disrupt downlink or uplink communications with intentional interference.
Internal MISP references
UUID ba540b82-d926-4251-aea0-c2ffe3d57921 which can be used as unique global reference for Jamming in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1024 |
| shortname | jamming |
| tactics | ['TA0040'] |
Flooding attacks
Overwhelm ground or space communication channels with traffic to deny service.
Internal MISP references
UUID 04998e3a-3bae-4add-a571-8440d76d7bdc which can be used as unique global reference for Flooding attacks in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1025 |
| shortname | flooding |
| tactics | ['TA0040'] |
Onboard destructive command
Send commands to permanently damage payload, platform, or subsystems.
Internal MISP references
UUID 1e208bb2-71c2-4a90-a487-e7d67e7cdf09 which can be used as unique global reference for Onboard destructive command in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1026 |
| shortname | onboard-destruction |
| tactics | ['TA0040'] |
Pre-inserted malicious hardware
Introduce malicious components pre-launch to enable destructive effects post-deployment.
Internal MISP references
UUID b28bd6aa-0af8-4a95-a7ef-da9a0aa67546 which can be used as unique global reference for Pre-inserted malicious hardware in MISP communities and other software using the MISP galaxy
Associated metadata
| Metadata key | Value |
|---|---|
| id | T1027 |
| shortname | malicious-hardware |
| tactics | ['TA0040'] |