adpare
51 lines
3.8 KiB
JSON
51 lines
3.8 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--70b6a9d3-e4e4-42b6-b5b7-7077463b7d12",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--338f4364-2269-4f70-9079-b20384b16628",
|
|
"created": "2026-04-20T20:50:34.107Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"revoked": false,
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T1691",
|
|
"external_id": "T1691"
|
|
},
|
|
{
|
|
"source_name": "Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011",
|
|
"description": "Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011 A Taxonomy of Cyber Attacks on SCADA Systems Retrieved. 2018/01/12 ",
|
|
"url": "http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6142258"
|
|
},
|
|
{
|
|
"source_name": "Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems March 2016",
|
|
"description": "Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems 2016, March 18 Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case Retrieved. 2018/03/27 ",
|
|
"url": "https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt6a77276749b76a40/607f235992f0063e5c070fff/E-ISAC_SANS_Ukraine_DUC_5%5b73%5d.pdf"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"modified": "2026-04-23T18:49:15.673Z",
|
|
"name": "Block Operational Technology Message",
|
|
"description": "Adversaries may block messages between systems and devices in an OT/ICS environment to disrupt processes. Messages typically fall into two categories: (1) reporting messages that contain telemetry data about the current state of systems, devices, and processes and (2) command messages that contain instructions to control systems, devices, and processes. Both types of messages are critical for the proper functioning of industrial control processes and failure of the messages to reach their intended destinations could inhibit response functions or create an unsafe condition that could have physical impacts.(Citation: Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011)(Citation: Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems March 2016)\n\nAdversaries may block communications by either making modifications to software ([System Firmware](https://attack.mitre.org/techniques/T0857), [Module Firmware](https://attack.mitre.org/techniques/T0839), [Hooking](https://attack.mitre.org/techniques/T0874), and [Rootkit](https://attack.mitre.org/techniques/T0851)) and services ([Service Stop](https://attack.mitre.org/techniques/T0881), [Denial of Service](https://attack.mitre.org/techniques/T0814)) on systems and devices or by positioning themselves between systems and devices and intercepting and blocking the communications such as the case with an [Adversary-in-the-Middle](https://attack.mitre.org/techniques/T0830) attack.\n",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-ics-attack",
|
|
"phase_name": "inhibit-response-function"
|
|
}
|
|
],
|
|
"x_mitre_attack_spec_version": "3.3.0",
|
|
"x_mitre_deprecated": false,
|
|
"x_mitre_domains": [
|
|
"ics-attack"
|
|
],
|
|
"x_mitre_is_subtechnique": false,
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_version": "1.0"
|
|
}
|
|
]
|
|
} |