{ "type": "bundle", "id": "bundle--7ed50e9f-c82a-483e-8ed8-8523e9972a03", "spec_version": "2.0", "objects": [ { "modified": "2023-03-09T18:38:51.471Z", "name": "Command and Control", "description": "The adversary is trying to communicate with and control compromised systems, controllers, and platforms with access to your ICS environment.\n\nCommand and Control consists of techniques that adversaries use to communicate with and send commands to compromised systems, devices, controllers, and platforms with specialized applications used in ICS environments. Examples of these specialized communication devices include human machine interfaces (HMIs), data historians, SCADA servers, and engineering workstations (EWS). Adversaries often seek to use commonly available resources and mimic expected network traffic to avoid detection and suspicion. For instance, commonly used ports and protocols in ICS environments, and even expected IT resources, depending on the target network. Command and Control may be established to varying degrees of stealth, often depending on the victim\u2019s network structure and defenses.", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "ics-attack" ], "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_shortname": "command-and-control", "type": "x-mitre-tactic", "id": "x-mitre-tactic--97c8ff73-bd14-4b6c-ac32-3d91d2c41e3f", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/tactics/TA0101", "external_id": "TA0101" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ] } ] }