Isabel Tuson
61 lines
3.6 KiB
JSON
61 lines
3.6 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--f20dbdf7-8e8e-494e-9eee-9001011fdb30",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"name": "Project File Infection",
|
|
"description": "Adversaries may attempt to infect project files with malicious code. These project files may consist of objects, program organization units, variables such as tags, documentation, and other configurations needed for PLC programs to function. (Citation: References - beckhoff project files) Using built in functions of the engineering software, adversaries may be able to download an infected program to a PLC in the operating environment enabling further execution and persistence techniques. (Citation: References - plcdev siemens)\n\nAdversaries may export their own code into project files with conditions to execute at specific intervals. (Citation: Stuxnet - Symantec - 201102) Malicious programs allow adversaries control of all aspects of the process enabled by the PLC. Once the project file is downloaded to a PLC the workstation device may be disconnected with the infected project file still executing. (Citation: References - plcdev siemens)\n\nData Sources: File monitoring, Digital signatures",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-ics-attack",
|
|
"phase_name": "persistence-ics"
|
|
},
|
|
{
|
|
"kill_chain_name": "mitre-ics-attack",
|
|
"phase_name": "execution-ics"
|
|
}
|
|
],
|
|
"x_mitre_platforms": [
|
|
"Windows",
|
|
"Engineering Workstation",
|
|
"Human-Machine Interface"
|
|
],
|
|
"external_references": [
|
|
{
|
|
"url": "https://collaborate.mitre.org/attackics/index.php/Technique/T873",
|
|
"source_name": "mitre-ics-attack",
|
|
"external_id": "T0873"
|
|
},
|
|
{
|
|
"description": "Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September 22, 2017.",
|
|
"source_name": "Stuxnet - Symantec - 201102",
|
|
"url": "https://www.symantec.com/content/en/us/enterprise/media/security%20response/whitepapers/w32%20stuxnet%20dossier.pdf"
|
|
},
|
|
{
|
|
"description": "Beckhoff. (n.d.). TwinCAT 3 Source Control: Project Files. Retrieved November 21, 2019.",
|
|
"source_name": "References - beckhoff project files",
|
|
"url": "https://infosys.beckhoff.com/english.php?content=../content/1033/tc3%20sourcecontrol/18014398915785483.html&id="
|
|
},
|
|
{
|
|
"description": "PLCdev. (n.d.). Siemens SIMATIC Step 7 Programmer's Handbook. Retrieved November 21, 2019.",
|
|
"source_name": "References - plcdev siemens",
|
|
"url": "http://www.plcdev.com/book/export/html/373"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"created": "2020-05-21T17:43:26.506Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_data_sources": [
|
|
"File monitoring",
|
|
"Digital signatures"
|
|
],
|
|
"modified": "2020-05-21T17:43:26.506Z",
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--e72425f8-9ae6-41d3-bfdb-e1b865e60722"
|
|
}
|
|
]
|
|
} |