test_scratch / cti-ATT-CK-v13.1 /ics-attack /attack-pattern /attack-pattern--5f3da2f3-91c8-4d8b-a02f-bf43a11def55.json
{
"type": "bundle",
"id": "bundle--a07277a9-3fa8-4c60-bca4-34c93b05494e",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-05-08T20:13:24.241Z",
"name": "Serial Connection Enumeration",
"description": "Adversaries may perform serial connection enumeration to gather situational awareness after gaining access to devices in the OT network. Control systems devices often communicate with each other via various types of serial communication mediums. These serial communications are used to facilitate informational communication, as well as commands. Serial Connection Enumeration differs from I/O Module Discovery, as I/O modules are auxiliary systems to the main system, and devices that are connected via serial connection are normally discrete systems.\n\nWhile IT and OT networks may work in tandem, the exact structure of the OT network may not be discernible from the IT network alone. After gaining access to a device on the OT network, an adversary may be able to enumerate the serial connections. From this perspective, the adversary can see the specific physical devices to which the compromised device is connected. This gives the adversary greater situational awareness and can influence the actions that the adversary can take in an attack.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-ics-attack",
"phase_name": "discovery"
}
],
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_deprecated": true,
"x_mitre_domains": [
"ics-attack"
],
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"x_mitre_platforms": [
"Windows",
"Input/Output Server",
"Field Controller/RTU/PLC/IED"
],
"x_mitre_version": "1.0",
"type": "attack-pattern",
"id": "attack-pattern--5f3da2f3-91c8-4d8b-a02f-bf43a11def55",
"created": "2020-05-21T17:43:26.506Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"external_references": [
{
"source_name": "mitre-ics-attack",
"url": "https://attack.mitre.org/techniques/T0854",
"external_id": "T0854"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_is_subtechnique": false
}
]
}