attack-pattern--008b8f56-6107-48be-aa9f-746f927dbb61.json
{
"type": "attack-pattern",
"name": "Block Command Message",
"description": "Adversaries may block a command message from reaching its intended target to prevent command execution. In OT networks, command messages are sent to provide instructions to control system devices. A blocked command message can inhibit response functions from correcting a disruption or unsafe condition. (Citation: Research - Research - Taxonomy Cyber Attacks on SCADA)\n\nIn the 2015 attack on the Ukrainian power grid, malicious firmware was used to render communication devices inoperable and effectively prevent them from receiving remote command messages. (Citation: Ukraine15 - EISAC - 201603)\n\nData Sources: Alarm History, Network protocol analysis, Packet capture",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-ics-attack",
"phase_name": "inhibit-response-function"
}
],
"x_mitre_platforms": [
"Windows",
"Field Controller/RTU/PLC/IED"
],
"external_references": [
{
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T803",
"source_name": "mitre-ics-attack",
"external_id": "T0803"
},
{
"description": "Bonnie Zhu, Anthony Joseph, Shankar Sastry. (2011). A Taxonomy of Cyber Attacks on SCADA Systems. Retrieved January 12, 2018.",
"source_name": "Research - Research - Taxonomy Cyber Attacks on SCADA",
"url": "http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6142258"
},
{
"description": "Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case. Retrieved March 27, 2018.",
"source_name": "Ukraine15 - EISAC - 201603",
"url": "https://ics.sans.org/media/E-ISAC%20SANS%20Ukraine%20DUC%205.pdf"
}
],
"created": "2020-05-21T17:43:26.506Z",
"created_by_ref": "The MITRE Corporation",
"x_mitre_data_sources": [
"Alarm History",
"Network protocol analysis",
"Packet capture"
],
"modified": "2020-05-21T17:43:26.506Z",
"id": "attack-pattern--008b8f56-6107-48be-aa9f-746f927dbb61"
}