test_scratch / cti-ATT-CK-v13.1 /ics-attack /attack-pattern /attack-pattern--23270e54-1d68-4c3b-b763-b25607bcef80.json
{
"type": "bundle",
"id": "bundle--9495669c-3044-4946-bb5a-3abef44ed2fa",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-05-08T20:13:24.241Z",
"name": "Role Identification",
"description": "Adversaries may perform role identification of devices involved with physical processes of interest in a target control system. Control systems devices often work in concert to control a physical process. Each device can have one or more roles that it performs within that control process. By collecting this role-based data, an adversary can construct a more targeted attack.\n\nFor example, a power generation plant may have unique devices such as one that monitors power output of a generator and another that controls the speed of a turbine. Examining device roles allows the adversary to observe how the two devices work together to monitor and control a physical process. Understanding the role of a target device can inform the adversary's decision on what action to take, in order to cause Impact and influence or disrupt the integrity of operations. Furthermore, an adversary may be able to capture control system protocol traffic. By studying this traffic, the adversary may be able to determine which devices are outstations, and which are masters. Understanding of master devices and their role within control processes can enable the use of Rogue Master Device.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-ics-attack",
"phase_name": "collection"
}
],
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_deprecated": true,
"x_mitre_domains": [
"ics-attack"
],
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"x_mitre_platforms": [
"Windows",
"Human-Machine Interface",
"Control Server",
"Data Historian",
"Field Controller/RTU/PLC/IED"
],
"x_mitre_version": "1.0",
"type": "attack-pattern",
"id": "attack-pattern--23270e54-1d68-4c3b-b763-b25607bcef80",
"created": "2020-05-21T17:43:26.506Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"external_references": [
{
"source_name": "mitre-ics-attack",
"url": "https://attack.mitre.org/techniques/T0850",
"external_id": "T0850"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_is_subtechnique": false
}
]
}