test_scratch
/
cti-ATT-CK-v13.1
/ics-attack
/attack-pattern
/attack-pattern--40b300ba-f553-48bf-862e-9471b220d455.json
| { | |
| "type": "bundle", | |
| "id": "bundle--56e3ebbf-7eb3-498b-881c-793166934b3e", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "modified": "2023-04-05T14:16:02.811Z", | |
| "name": "Unauthorized Command Message", | |
| "description": "Adversaries may send unauthorized command messages to instruct control system assets to perform actions outside of their intended functionality, or without the logical preconditions to trigger their expected function. Command messages are used in ICS networks to give direct instructions to control systems devices. If an adversary can send an unauthorized command message to a control system, then it can instruct the control systems device to perform an action outside the normal bounds of the device's actions. An adversary could potentially instruct a control systems device to perform an action that will cause an [Impact](https://attack.mitre.org/tactics/TA0105). (Citation: Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011)\n\nIn the Dallas Siren incident, adversaries were able to send command messages to activate tornado alarm systems across the city without an impending tornado or other disaster. (Citation: Zack Whittaker April 2017) (Citation: Benjamin Freed March 2019)", | |
| "kill_chain_phases": [ | |
| { | |
| "kill_chain_name": "mitre-ics-attack", | |
| "phase_name": "impair-process-control" | |
| } | |
| ], | |
| "x_mitre_deprecated": false, | |
| "x_mitre_detection": "", | |
| "x_mitre_domains": [ | |
| "ics-attack" | |
| ], | |
| "x_mitre_is_subtechnique": false, | |
| "x_mitre_platforms": [ | |
| "Field Controller/RTU/PLC/IED" | |
| ], | |
| "x_mitre_version": "1.2", | |
| "x_mitre_data_sources": [ | |
| "Network Traffic: Network Traffic Flow", | |
| "Application Log: Application Log Content", | |
| "Operational Databases: Process/Event Alarm", | |
| "Network Traffic: Network Traffic Content", | |
| "Operational Databases: Process History/Live Data" | |
| ], | |
| "type": "attack-pattern", | |
| "id": "attack-pattern--40b300ba-f553-48bf-862e-9471b220d455", | |
| "created": "2020-05-21T17:43:26.506Z", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "revoked": false, | |
| "external_references": [ | |
| { | |
| "source_name": "mitre-attack", | |
| "url": "https://attack.mitre.org/techniques/T0855", | |
| "external_id": "T0855" | |
| }, | |
| { | |
| "source_name": "Benjamin Freed March 2019", | |
| "description": "Benjamin Freed 2019, March 13 Tornado sirens in Dallas suburbs deactivated after being hacked and set off Retrieved. 2020/11/06 ", | |
| "url": "https://statescoop.com/tornado-sirens-in-dallas-suburbs-deactivated-after-being-hacked-and-set-off/" | |
| }, | |
| { | |
| "source_name": "Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011", | |
| "description": "Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011 A Taxonomy of Cyber Attacks on SCADA Systems Retrieved. 2018/01/12 ", | |
| "url": "http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6142258" | |
| }, | |
| { | |
| "source_name": "Zack Whittaker April 2017", | |
| "description": "Zack Whittaker 2017, April 12 Dallas' emergency sirens were hacked with a rogue radio signal Retrieved. 2020/11/06 ", | |
| "url": "https://www.zdnet.com/article/experts-think-they-know-how-dallas-emergency-sirens-were-hacked/" | |
| } | |
| ], | |
| "object_marking_refs": [ | |
| "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
| ], | |
| "x_mitre_attack_spec_version": "3.1.0", | |
| "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
| } | |
| ] | |
| } |