cti-ATT-CK-v13.1/ics-attack/attack-pattern/attack-pattern--097924ce-a9a9-4039-8591-e0deedfb8722.json

{
    "type": "bundle",
    "id": "bundle--575cf97f-064b-4d37-a97a-16a08adeaec8",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-04-05T14:15:29.756Z",
            "name": "Modify Parameter",
            "description": "Adversaries may modify parameters used to instruct industrial control system devices. These devices operate via programs that dictate how and when to perform actions based on such parameters. Such parameters can determine the extent to which an action is performed and may specify additional options. For example, a program on a control system device dictating motor processes may take a parameter defining the total number of seconds to run that motor.      \n\nAn adversary can potentially modify these parameters to produce an outcome outside of what was intended by the operators. By modifying system and process critical parameters, the adversary may cause [Impact](https://attack.mitre.org/tactics/TA0105) to equipment and/or control processes. Modified parameters may be turned into dangerous, out-of-bounds, or unexpected values from typical operations. For example, specifying that a process run for more or less time than it should, or dictating an unusually high, low, or invalid value as a parameter.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-ics-attack",
                    "phase_name": "impair-process-control"
                }
            ],
            "x_mitre_deprecated": false,
            "x_mitre_detection": "",
            "x_mitre_domains": [
                "ics-attack"
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_platforms": [
                "Control Server",
                "Field Controller/RTU/PLC/IED",
                "Safety Instrumented System/Protection Relay",
                "Human-Machine Interface"
            ],
            "x_mitre_version": "1.2",
            "x_mitre_data_sources": [
                "Asset: Asset Inventory",
                "Application Log: Application Log Content",
                "Operational Databases: Device Alarm",
                "Network Traffic: Network Traffic Content"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--097924ce-a9a9-4039-8591-e0deedfb8722",
            "created": "2020-05-21T17:43:26.506Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T0836",
                    "external_id": "T0836"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}