{ "type": "bundle", "id": "bundle--7fff60d2-1494-45a4-b6d4-41f4752a1a0f", "spec_version": "2.0", "objects": [ { "modified": "2023-03-09T18:38:51.471Z", "name": "Program Upload", "description": "Adversaries may attempt to upload a program from a PLC to gather information about an industrial process. Uploading a program may allow them to acquire and study the underlying logic. Methods of program upload include vendor software, which enables the user to upload and read a program running on a PLC. This software can be used to upload the target program to a workstation, jump box, or an interfacing device.", "kill_chain_phases": [ { "kill_chain_name": "mitre-ics-attack", "phase_name": "collection" } ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_domains": [ "ics-attack" ], "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Safety Instrumented System/Protection Relay", "Field Controller/RTU/PLC/IED" ], "x_mitre_version": "1.0", "x_mitre_data_sources": [ "Network Traffic: Network Traffic Content", "Application Log: Application Log Content", "Network Traffic: Network Traffic Flow" ], "type": "attack-pattern", "id": "attack-pattern--3067b85e-271e-4bc5-81ad-ab1a81d411e3", "created": "2020-05-21T17:43:26.506Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T0845", "external_id": "T0845" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_is_subtechnique": false } ] }