{ "type": "bundle", "id": "bundle--dde05676-f9ba-452f-8bef-20b83bd49267", "spec_version": "2.0", "objects": [ { "modified": "2023-03-09T18:38:51.471Z", "name": "Discovery", "description": "The adversary is locating information to assess and identify their targets in your environment.\n\nDiscovery consists of techniques that adversaries use to survey your ICS environment and gain knowledge about the internal network, control system devices, and how their processes interact. These techniques help adversaries observe the environment and determine next steps for target selection and Lateral Movement. They also allow adversaries to explore what they can control and gain insight on interactions between various control system processes. Discovery techniques are often an act of progression into the environment which enable the adversary to orient themselves before deciding how to act. Adversaries may use Discovery techniques that result in Collection, to help determine how available resources benefit their current objective. A combination of native device communications and functions, and custom tools are often used toward this post-compromise information-gathering objective.", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "ics-attack" ], "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_shortname": "discovery", "type": "x-mitre-tactic", "id": "x-mitre-tactic--696af733-728e-49d7-8261-75fdc590f453", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/tactics/TA0102", "external_id": "TA0102" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ] } ] }