ics-attack/attack-pattern/attack-pattern--68a9324d-a524-4766-a899-a026f68a33df.json

{
    "type": "bundle",
    "id": "bundle--43981976-b03b-4309-b095-8a53c8911cc7",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "attack-pattern",
            "id": "attack-pattern--68a9324d-a524-4766-a899-a026f68a33df",
            "created": "2026-04-20T20:54:18.031Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1693/001",
                    "external_id": "T1693.001"
                },
                {
                    "source_name": "Basnight, Zachry, et al.",
                    "description": "Basnight, Zachry, et al. 2013 Retrieved. 2017/10/17 ",
                    "url": "http://www.sciencedirect.com/science/article/pii/S1874548213000231"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "modified": "2026-04-23T19:10:31.871Z",
            "name": "System Firmware",
            "description": "System firmware on modern assets is often designed with an update feature. Older device firmware may be factory installed and require special reprograming equipment. When available, the firmware update feature enables vendors to remotely patch bugs and perform upgrades. Device firmware updates are often delegated to the user and may be done using a software update package. It may also be possible to perform this task over the network.\n\nAn adversary may exploit the firmware update feature on accessible devices to upload malicious or out-of-date firmware. Malicious modification of device firmware may provide an adversary with root access to a device, given firmware is one of the lowest programming abstraction layers.(Citation: Basnight, Zachry, et al.)",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-ics-attack",
                    "phase_name": "persistence"
                },
                {
                    "kill_chain_name": "mitre-ics-attack",
                    "phase_name": "inhibit-response-function"
                },
                {
                    "kill_chain_name": "mitre-ics-attack",
                    "phase_name": "impair-process-control"
                }
            ],
            "x_mitre_attack_spec_version": "3.3.0",
            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "ics-attack"
            ],
            "x_mitre_is_subtechnique": true,
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_version": "1.0"
        }
    ]
}
ATT&CK v19.0 ICS 2026-04-27 15:18:54 -04:00			`{`
			`"type": "bundle",`
			`"id": "bundle--43981976-b03b-4309-b095-8a53c8911cc7",`
			`"spec_version": "2.0",`
			`"objects": [`
			`{`
			`"type": "attack-pattern",`
			`"id": "attack-pattern--68a9324d-a524-4766-a899-a026f68a33df",`
			`"created": "2026-04-20T20:54:18.031Z",`
			`"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",`
			`"revoked": false,`
			`"external_references": [`
			`{`
			`"source_name": "mitre-attack",`
			`"url": "https://attack.mitre.org/techniques/T1693/001",`
			`"external_id": "T1693.001"`
			`},`
			`{`
			`"source_name": "Basnight, Zachry, et al.",`
			`"description": "Basnight, Zachry, et al. 2013 Retrieved. 2017/10/17 ",`
			`"url": "http://www.sciencedirect.com/science/article/pii/S1874548213000231"`
			`}`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"`
			`],`
			`"modified": "2026-04-23T19:10:31.871Z",`
			`"name": "System Firmware",`
			"description": "System firmware on modern assets is often designed with an update feature. Older device firmware may be factory installed and require special reprograming equipment. When available, the firmware update feature enables vendors to remotely patch bugs and perform upgrades. Device firmware updates are often delegated to the user and may be done using a software update package. It may also be possible to perform this task over the network.\n\nAn adversary may exploit the firmware update feature on accessible devices to upload malicious or out-of-date firmware. Malicious modification of device firmware may provide an adversary with root access to a device, given firmware is one of the lowest programming abstraction layers.(Citation: Basnight, Zachry, et al.)",
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "mitre-ics-attack",`
			`"phase_name": "persistence"`
			`},`
			`{`
			`"kill_chain_name": "mitre-ics-attack",`
			`"phase_name": "inhibit-response-function"`
			`},`
			`{`
			`"kill_chain_name": "mitre-ics-attack",`
			`"phase_name": "impair-process-control"`
			`}`
			`],`
			`"x_mitre_attack_spec_version": "3.3.0",`
			`"x_mitre_deprecated": false,`
			`"x_mitre_domains": [`
			`"ics-attack"`
			`],`
			`"x_mitre_is_subtechnique": true,`
			`"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",`
			`"x_mitre_version": "1.0"`
			`}`
			`]`
			`}`