test_scratch / cti-ATT-CK-v13.1 /ics-attack /attack-pattern /attack-pattern--3f1f4ccb-9be2-4ff8-8f69-dd972221169b.json
{
"type": "bundle",
"id": "bundle--f6d16847-c988-4df9-ba31-13b7959c8889",
"spec_version": "2.0",
"objects": [
{
"modified": "2022-09-19T13:57:23.538Z",
"name": "Block Reporting Message",
"description": "Adversaries may block or prevent a reporting message from reaching its intended target. In control systems, reporting messages contain telemetry data (e.g., I/O values) pertaining to the current state of equipment and the industrial process. By blocking these reporting messages, an adversary can potentially hide their actions from an operator.\n\nBlocking reporting messages in control systems that manage physical processes may contribute to system impact, causing inhibition of a response function. A control system may not be able to respond in a proper or timely manner to an event, such as a dangerous fault, if its corresponding reporting message is blocked. (Citation: Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011) (Citation: Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems March 2016)",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-ics-attack",
"phase_name": "inhibit-response-function"
}
],
"x_mitre_detection": "",
"x_mitre_platforms": [
"Field Controller/RTU/PLC/IED",
"Input/Output Server",
"Device Configuration/Parameters"
],
"x_mitre_is_subtechnique": false,
"x_mitre_deprecated": false,
"x_mitre_domains": [
"ics-attack"
],
"x_mitre_version": "1.0",
"x_mitre_data_sources": [
"Application Log: Application Log Content",
"Network Traffic: Network Traffic Flow",
"Process: Process Termination",
"Operational Databases: Process/Event Alarm",
"Operational Databases: Process History/Live Data"
],
"type": "attack-pattern",
"id": "attack-pattern--3f1f4ccb-9be2-4ff8-8f69-dd972221169b",
"created": "2020-05-21T17:43:26.506Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T0804",
"external_id": "T0804"
},
{
"source_name": "Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011",
"description": "Bonnie Zhu, Anthony Joseph, Shankar Sastry. (2011). A Taxonomy of Cyber Attacks on SCADA Systems. Retrieved 2018/01/12.",
"url": "http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6142258"
},
{
"source_name": "Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems March 2016",
"description": "Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case. Retrieved 2018/03/27.",
"url": "https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt6a77276749b76a40/607f235992f0063e5c070fff/E-ISAC_SANS_Ukraine_DUC_5%5b73%5d.pdf"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}