Sean Sica
48 lines
2.1 KiB
JSON
48 lines
2.1 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--c3edf24e-db6d-4728-bb6a-14305c62e89a",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"modified": "2023-10-13T17:57:04.179Z",
|
|
"name": "Automated Collection",
|
|
"description": "Adversaries may automate collection of industrial environment information using tools or scripts. This automated collection may leverage native control protocols and tools available in the control systems environment. For example, the OPC protocol may be used to enumerate and gather information. Access to a system or interface with these native protocols may allow collection and enumeration of other attached, communicating servers and devices.",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-ics-attack",
|
|
"phase_name": "collection"
|
|
}
|
|
],
|
|
"x_mitre_attack_spec_version": "2.1.0",
|
|
"x_mitre_domains": [
|
|
"ics-attack"
|
|
],
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_platforms": [
|
|
"None"
|
|
],
|
|
"x_mitre_version": "1.0",
|
|
"x_mitre_data_sources": [
|
|
"Script: Script Execution",
|
|
"Command: Command Execution",
|
|
"File: File Access",
|
|
"Network Traffic: Network Traffic Content"
|
|
],
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--3de230d4-3e42-4041-b089-17e1128feded",
|
|
"created": "2020-05-21T17:43:26.506Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T0802",
|
|
"external_id": "T0802"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"x_mitre_is_subtechnique": false
|
|
}
|
|
]
|
|
} |