test_scratch / cti-ATT-CK-v13.1 /ics-attack /attack-pattern /attack-pattern--539d0484-fe95-485a-b654-86991c0d0d00.json
{
"type": "bundle",
"id": "bundle--104c8763-a3a0-47f3-a59a-8366a2355f2d",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-05-08T20:13:24.241Z",
"name": "Network Service Scanning",
"description": "Network Service Scanning is the process of discovering services on networked systems. This can be achieved through a technique called port scanning or probing. Port scanning interacts with the TCP/IP ports on a target system to determine whether ports are open, closed, or filtered by a firewall. This does not reveal the service that is running behind the port, but since many common services are run on [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml specific port numbers], the type of service can be assumed. More in-depth testing includes interaction with the actual service to determine the service type and specific version. One of the most-popular tools to use for Network Service Scanning is [https://nmap.org/ Nmap].\n\nAn adversary may attempt to gain information about a target device and its role on the network via Network Service Scanning techniques, such as port scanning. Network Service Scanning is useful for determining potential vulnerabilities in services on target devices. Network Service Scanning is closely tied to .\n\nScanning ports can be noisy on a network. In some attacks, adversaries probe for specific ports using custom tools. This was specifically seen in the Triton and PLC-Blaster attacks.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-ics-attack",
"phase_name": "discovery"
}
],
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_deprecated": true,
"x_mitre_domains": [
"ics-attack"
],
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"x_mitre_platforms": [
"Windows",
"Field Controller/RTU/PLC/IED"
],
"x_mitre_version": "1.0",
"type": "attack-pattern",
"id": "attack-pattern--539d0484-fe95-485a-b654-86991c0d0d00",
"created": "2020-05-21T17:43:26.506Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"external_references": [
{
"source_name": "mitre-ics-attack",
"url": "https://attack.mitre.org/techniques/T0841",
"external_id": "T0841"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_is_subtechnique": false
}
]
}