adpare
41 lines
1.9 KiB
JSON
41 lines
1.9 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--7fb56028-5e94-4881-835e-8128cfd9c4b1",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--574d5bfb-9a7a-4b28-ab5c-743ac704c135",
|
|
"created": "2026-04-20T20:54:25.997Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"revoked": false,
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T0843/003",
|
|
"external_id": "T0843.003"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"modified": "2026-04-23T00:18:49.737Z",
|
|
"name": "Program Append",
|
|
"description": "Adversaries may execute a program append to a PLC to update parts of an existing program. It may or may not require stopping the PLC which may allow it to continue running during transfer and reconfiguration without interruption to process control. Adversaries may leverage this approach to minimize downtime and evade detection. \n\nThe ability to perform a program append to the PLC typically relies on access to a workstation with the vendor-specific PLC programming software installed.\n",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-ics-attack",
|
|
"phase_name": "lateral-movement"
|
|
}
|
|
],
|
|
"x_mitre_attack_spec_version": "3.3.0",
|
|
"x_mitre_deprecated": false,
|
|
"x_mitre_domains": [
|
|
"ics-attack"
|
|
],
|
|
"x_mitre_is_subtechnique": true,
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_version": "1.0"
|
|
}
|
|
]
|
|
} |