{
  "type": "bundle",
  "id": "bundle--35f2f07f-554a-4b16-934e-ccc5b596705c",
  "spec_version": "2.1",
  "created": "2026-06-11T23:57:51.629Z",
  "modified": "2026-06-11T23:57:51.629Z",
  "objects": [
    {
      "type": "extension-definition",
      "id": "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4",
      "spec_version": "2.1",
      "created": "2022-08-02T19:34:35.143Z",
      "modified": "2022-08-02T19:34:35.143Z",
      "name": "Attack Flow",
      "description": "Extends STIX 2.1 with features to create Attack Flows.",
      "created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4",
      "schema": "https://center-for-threat-informed-defense.github.io/attack-flow/stix/attack-flow-schema-2.0.0.json",
      "version": "2.0.0",
      "extension_types": [
        "new-sdo"
      ],
      "external_references": [
        {
          "source_name": "Documentation",
          "description": "Documentation for Attack Flow",
          "url": "https://center-for-threat-informed-defense.github.io/attack-flow"
        },
        {
          "source_name": "GitHub",
          "description": "Source code repository for Attack Flow",
          "url": "https://github.com/center-for-threat-informed-defense/attack-flow"
        }
      ]
    },
    {
      "type": "identity",
      "id": "identity--fb9c968a-745b-4ade-9b25-c324172197f4",
      "spec_version": "2.1",
      "created": "2022-08-02T19:34:35.143Z",
      "modified": "2022-08-02T19:34:35.143Z",
      "created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4",
      "name": "MITRE Center for Threat-Informed Defense",
      "identity_class": "organization"
    },
    {
      "type": "attack-flow",
      "id": "attack-flow--3c2a3a03-f957-4745-9178-2e6c20451e45",
      "spec_version": "2.1",
      "created": "2026-05-12T19:02:49.189Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "created_by_ref": "identity--5ace48f9-bdbe-4759-a85b-cd43007ee7f5",
      "start_refs": [
        "attack-action--1f8ada6b-e2de-40b8-8a5c-fb8d474e899b",
        "attack-action--49970f2a-4704-4f6a-9cd3-b02f83c55b73",
        "attack-action--5e5d43be-f641-4aa9-82df-1a570b6e9632",
        "attack-action--01abf2c0-cd8f-413b-a1eb-42c9bbc17445",
        "attack-action--5c08e4af-85f6-4977-a71a-1c85eef5ccac",
        "attack-action--de9abfe1-568c-4f3e-888f-d286fb01596b",
        "attack-action--75e154d2-3fcf-4b64-880d-2214082ea021",
        "attack-action--a776671b-5ab7-4061-b3cd-d8c99edf223b",
        "attack-action--00f79641-20fa-471c-9770-b21aa957550a",
        "attack-action--9c1c5c47-496d-44a8-88b4-67065b47a52d",
        "attack-action--fd90cd13-f807-4b9f-a976-df638e98af3a",
        "attack-action--f14fa223-132f-4050-aa58-7e1e522ec662",
        "attack-action--fb545617-5d3c-4fbe-a78f-71368b65c099",
        "attack-action--095a4f35-1180-436b-8cfa-d6dceaf71a1b",
        "attack-action--afa602e7-ae5f-4363-8426-67267710a5ec",
        "attack-action--3fd7344a-03ed-4a8d-a48b-c6e308ac5a54",
        "attack-action--593a5cf9-1803-4ecc-b76d-c7ea0919dd28",
        "attack-action--83845d18-b4de-4a5e-8e1e-f0f23f6e67ad",
        "attack-action--b93ec558-cac2-4682-882e-a65489a99bd9",
        "attack-action--bcda4e38-c25e-4358-be54-1f9eaa3d63d5",
        "attack-action--fdd4a369-42d7-45dd-85c6-08af91fb1e28",
        "attack-action--85ca9ce7-a14f-40c6-8161-4da44b1805dc",
        "attack-action--086d6b91-2a9d-4ed3-998e-5f19184ce31c",
        "attack-action--932c0f03-78f1-48f3-85ff-2e56f019a4e6",
        "attack-action--a599d102-a230-49f2-bcfa-632ae120b554",
        "attack-action--4f8b6b0d-5e9c-4d33-ba24-0bcdc5ee79f6",
        "attack-action--01445c20-9a58-455f-8503-d471c5f02cb4",
        "attack-action--0062dcbe-48c6-4d64-870b-b7d3c62988c1",
        "attack-action--c0a57453-5f3a-43c8-955e-cdbacf96dc0b",
        "attack-action--2474c032-e655-47e5-8767-2f3b5c14dff3",
        "attack-action--5e0c6b54-ed3f-4557-9524-43146ddefe2c",
        "attack-action--40eb3994-b160-4c46-99c5-b6dcc5b8ea6b",
        "attack-action--74900420-a1b5-4bed-b141-f3356b6a991d",
        "attack-action--7930c61d-c142-46b7-a052-a2454de8daaf"
      ],
      "name": "Pwnsat - SPARTA TTPs",
      "description": "Hacking the Final Frontier: Offensive Security in Space Systems and Satellites with Pwnsat.",
      "scope": "attack-tree"
    },
    {
      "type": "identity",
      "id": "identity--5ace48f9-bdbe-4759-a85b-cd43007ee7f5",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Kevin Leon",
      "identity_class": "individual",
      "contact_information": "kevinleon.morales@gmail.com"
    },
    {
      "type": "attack-action",
      "id": "attack-action--1f8ada6b-e2de-40b8-8a5c-fb8d474e899b",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0001.01 Software Design",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0001",
      "technique_ref": "attack-pattern--6fe42547-e79b-4e96-b7b4-25774dffd3cc",
      "subtechnique_id": "REC-0001.01",
      "subtechnique_ref": "attack-pattern--6cdddf9c-05f5-4216-b39b-5c05dc3defd5",
      "description": "Targeting flight and ground software architectures, including RTOS selections, memory maps, FDIR logic, and patch mechanisms via source code, binaries, or SBOMs."
    },
    {
      "type": "attack-action",
      "id": "attack-action--49970f2a-4704-4f6a-9cd3-b02f83c55b73",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0001.02 Firmware",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0001",
      "technique_ref": "attack-pattern--6fe42547-e79b-4e96-b7b4-25774dffd3cc",
      "subtechnique_id": "REC-0001.02",
      "subtechnique_ref": "attack-pattern--4b2749ae-2fa6-4e03-9dfd-d96cea1ec80e",
      "description": "Collecting microcontroller images, programmable logic bitstreams, boot ROM behaviors, and secure-boot settings for devices on the spacecraft bus."
    },
    {
      "type": "attack-action",
      "id": "attack-action--5e5d43be-f641-4aa9-82df-1a570b6e9632",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0001.04 Data Bus",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0001",
      "technique_ref": "attack-pattern--6fe42547-e79b-4e96-b7b4-25774dffd3cc",
      "subtechnique_id": "REC-0001.04",
      "subtechnique_ref": "attack-pattern--02867082-1cda-4119-b914-11300cffc649",
      "description": "Mapping internal data bus protocols (e.g., MIL-STD-1553, SpaceWire), controller roles, addressing schedules, and physical constraints."
    },
    {
      "type": "attack-action",
      "id": "attack-action--01abf2c0-cd8f-413b-a1eb-42c9bbc17445",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0003.01 Communications Equipment",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0003",
      "technique_ref": "attack-pattern--5ada927d-eb27-404d-8607-f2815f249fea",
      "subtechnique_id": "REC-0003.01",
      "subtechnique_ref": "attack-pattern--b91094d9-0334-4208-b50b-ea15c1ce96d0",
      "description": "Inventorying space and ground RF hardware, including antenna geometries, transponder types, tracking modes, and backend modem settings."
    },
    {
      "type": "attack-action",
      "id": "attack-action--5c08e4af-85f6-4977-a71a-1c85eef5ccac",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0003.02 Commanding Details",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0003",
      "technique_ref": "attack-pattern--5ada927d-eb27-404d-8607-f2815f249fea",
      "subtechnique_id": "REC-0003.02",
      "subtechnique_ref": "attack-pattern--76deb04d-f904-49f0-8dbd-59b7505f9124",
      "description": "Analyzing how telecommands are structured, authorized, scheduled, and delivered (e.g., CCSDS protocols, encryption keys, anti-replay windows, and line-of-sight constraints)."
    },
    {
      "type": "attack-action",
      "id": "attack-action--de9abfe1-568c-4f3e-888f-d286fb01596b",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0003.03 Mission-Specific Channel Scanning",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0003",
      "technique_ref": "attack-pattern--5ada927d-eb27-404d-8607-f2815f249fea",
      "subtechnique_id": "REC-0003.03",
      "subtechnique_ref": "attack-pattern--6453ffc7-2272-4075-8780-c73c22637ec2",
      "description": "Scanning spectrum and public repositories for secondary surfaces like high-rate payload downlinks, inter-satellite crosslinks, and hosted-payload channels."
    },
    {
      "type": "attack-action",
      "id": "attack-action--75e154d2-3fcf-4b64-880d-2214082ea021",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0005.01 Uplink Intercept",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0005",
      "technique_ref": "attack-pattern--47100f10-38e0-45ad-ba80-5fdc03df19ed",
      "subtechnique_id": "REC-0005.01",
      "subtechnique_ref": "attack-pattern--6126311a-914f-46a1-8f27-1b4e9986f895",
      "description": "Intercepting the command path from the ground station to the spacecraft."
    },
    {
      "type": "attack-action",
      "id": "attack-action--a776671b-5ab7-4061-b3cd-d8c99edf223b",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0005.02 Downlink Intercept",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0005",
      "technique_ref": "attack-pattern--47100f10-38e0-45ad-ba80-5fdc03df19ed",
      "subtechnique_id": "REC-0005.02",
      "subtechnique_ref": "attack-pattern--1df3e254-5201-4641-9139-93817b7f8011",
      "description": "Harvesting housekeeping telemetry, event logs, ephemerides, and payload data from downlinks, beacons, or community ground networks."
    },
    {
      "type": "attack-action",
      "id": "attack-action--00f79641-20fa-471c-9770-b21aa957550a",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "REC-0006.01 Development Environment",
      "tactic_id": "ST0001",
      "tactic_ref": "x-mitre-tactic--2d1b64b9-c681-405e-99de-b98aee9011fe",
      "technique_id": "REC-0006",
      "technique_ref": "attack-pattern--8e305d6d-5f15-48c3-96b0-bdd4fa4d6886",
      "subtechnique_id": "REC-0006.01",
      "subtechnique_ref": "attack-pattern--4f239ac0-9d57-4bcf-ac55-9858c9a79206",
      "description": "Enumerating the exact toolchains, repository layouts, CI/CD orchestrators, container images, and environment variables used to produce flight software builds."
    },
    {
      "type": "grouping",
      "id": "grouping--8daaa401-0285-42f0-812b-137916b1b0e6",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Gather Spacecraft Design Information",
      "description": "Combine open and gray sources (ICDs, SBOMs, manuals, patents) to understand avionics, power, and payload-to-bus interfaces. This data is used to build a mental model or lab replica to identify single points of failure and unsafe operational modes.",
      "context": "Reconnaissance",
      "object_refs": [
        "attack-action--1f8ada6b-e2de-40b8-8a5c-fb8d474e899b",
        "attack-action--49970f2a-4704-4f6a-9cd3-b02f83c55b73",
        "attack-action--5e5d43be-f641-4aa9-82df-1a570b6e9632"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--84b73a57-a981-4b86-befd-c5f506e8a42c",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Gather Spacecraft Communications Information",
      "description": "Collect technical parameters (frequencies, modulation, link budgets) and ground station profiles (locations, antenna behavior, cloud backbones). This information shrinks the search space to build a lab-replicable demodulation chain and schedule interception windows.",
      "context": "Reconnaissance",
      "object_refs": [
        "attack-action--01abf2c0-cd8f-413b-a1eb-42c9bbc17445",
        "attack-action--5c08e4af-85f6-4977-a71a-1c85eef5ccac",
        "attack-action--de9abfe1-568c-4f3e-888f-d286fb01596b"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--cbf83730-c17a-4204-a47b-136585668de7",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Eavesdropping",
      "description": "Capture packet data, spectrograms, and telemetry to reconstruct communication protocols and map operational rhythms. Even when links are encrypted, metadata (e.g., symbol rates, cadence) is leveraged for traffic analysis and targeted interference.",
      "context": "Reconnaissance",
      "object_refs": [
        "attack-action--75e154d2-3fcf-4b64-880d-2214082ea021",
        "attack-action--a776671b-5ab7-4061-b3cd-d8c99edf223b"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--8a1c7f0c-a7ad-4c31-b1db-128083db4136",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Gather FSW Development Information",
      "description": "Document source trees, toolchains, CI/CD pipelines, RTOS versions, and testing environments (e.g., flatsats). Adversaries use these details to find weaknesses in update validation, predict error handling, and craft inputs that bypass integration tests.",
      "context": "Reconnaissance",
      "object_refs": [
        "attack-action--00f79641-20fa-471c-9770-b21aa957550a"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--499bbd26-5db4-4da8-a9de-ad9c762e3b43",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Acquire Infrastructure",
      "description": "Independently provisioning or renting the assets needed to observe, reach, or impersonate mission components, spanning RF/optical hardware, VPS fleets, CDN relays, and burner identity fabrics.",
      "context": "Resource Development",
      "object_refs": [
        "attack-action--9c1c5c47-496d-44a8-88b4-67065b47a52d",
        "attack-action--fd90cd13-f807-4b9f-a976-df638e98af3a"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--9c1c5c47-496d-44a8-88b4-67065b47a52d",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "RD-0001.01 Ground Station Equipment",
      "tactic_id": "ST0002",
      "tactic_ref": "x-mitre-tactic--5b6eff0e-7ac9-42c9-b0fb-088a4feadb03",
      "technique_id": "RD-0001",
      "technique_ref": "attack-pattern--9bb7d3f7-6021-4053-8a62-6ac9f48bc644",
      "subtechnique_id": "RD-0001.01",
      "subtechnique_ref": "attack-pattern--87f4671a-555d-4d45-a9db-3a330eeba5ac",
      "description": "Constructing a rogue, independent RF ground stack using steerable mounts, antennas, low-loss IF chains, amplifiers, and baseband Software Defined Radios (SDRs)."
    },
    {
      "type": "attack-action",
      "id": "attack-action--fd90cd13-f807-4b9f-a976-df638e98af3a",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "RD-0001.03 Spacecraft",
      "tactic_id": "ST0002",
      "tactic_ref": "x-mitre-tactic--5b6eff0e-7ac9-42c9-b0fb-088a4feadb03",
      "technique_id": "RD-0001",
      "technique_ref": "attack-pattern--9bb7d3f7-6021-4053-8a62-6ac9f48bc644",
      "subtechnique_id": "RD-0001.03",
      "subtechnique_ref": "attack-pattern--8756b698-34d2-44bb-8265-bf1c4cdc1a36",
      "description": "Deploying a dedicated physical spacecraft (e.g., small satellites in co-located or phasing orbits) or leveraging a hosted payload on a commercial bus."
    },
    {
      "type": "grouping",
      "id": "grouping--e1ec6d5c-d8a0-4360-be03-8551f4bb47b1",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Compromise Ground System",
      "description": "Infiltrating the authorized ground segment—including operator workstations, mission control software, HSMs, modems, and cloud gateways—to gain a direct path to spacecraft execution.",
      "context": "Initial Access",
      "object_refs": [
        "attack-action--fb545617-5d3c-4fbe-a78f-71368b65c099"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--19219cd2-f4f0-4d76-a702-08dc343f8833",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Rogue External Entity",
      "description": "Interacting with the spacecraft from an unauthorized, actor-controlled platform (ground, airborne, maritime, or space-based) completely outside the official ground architecture.",
      "context": "Initial Access",
      "object_refs": [
        "attack-action--f14fa223-132f-4050-aa58-7e1e522ec662"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--f14fa223-132f-4050-aa58-7e1e522ec662",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "IA-0008.01 Rogue Ground Station",
      "tactic_id": "ST0003",
      "tactic_ref": "x-mitre-tactic--3756f0b5-9dd3-4fd0-9225-e3173eef2e10",
      "technique_id": "IA-0008",
      "technique_ref": "attack-pattern--47c8e3d6-19b6-48b2-8d28-c2f61466326b",
      "subtechnique_id": "IA-0008.01",
      "subtechnique_ref": "attack-pattern--819f6523-6eda-4547-a478-3b7b9d871058",
      "description": "Deploying an independent, unauthorized fixed or transportable ground station equipped with steerable apertures, GPS-disciplined timing, and Software Defined Radios (SDRs)."
    },
    {
      "type": "attack-action",
      "id": "attack-action--fb545617-5d3c-4fbe-a78f-71368b65c099",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "IA-0007.02 Malicious Command via Ground Station",
      "tactic_id": "ST0003",
      "tactic_ref": "x-mitre-tactic--3756f0b5-9dd3-4fd0-9225-e3173eef2e10",
      "technique_id": "IA-0007",
      "technique_ref": "attack-pattern--8cc6dc0b-ddbf-45f2-9819-1215d5c4ee92",
      "subtechnique_id": "IA-0007.02",
      "subtechnique_ref": "attack-pattern--457b949a-d269-438b-8260-7df84381021b",
      "description": "Utilizing an already compromised, mission-owned ground system to transmit legitimate-looking commands to the spacecraft using the correct waveforms, framing, and dictionaries."
    },
    {
      "type": "grouping",
      "id": "grouping--96778079-503d-42b6-beda-e8426cd3fe42",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Replay",
      "description": "Re-transmitting previously captured traffic over RF links, crosslinks, or internal buses within valid system acceptance windows.",
      "context": "Execution",
      "object_refs": [
        "attack-action--095a4f35-1180-436b-8cfa-d6dceaf71a1b",
        "attack-action--afa602e7-ae5f-4363-8426-67267710a5ec"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--2fc6be66-3528-4b9c-b568-dc6c43cc5aad",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Exploit Hardware/Firmware Corruption",
      "description": "Tampering with device firmware, programmable logic (FPGA bitstreams), configuration blobs, or MCU/SoC boot ROM fallbacks.",
      "context": "Execution",
      "object_refs": [
        "attack-action--3fd7344a-03ed-4a8d-a48b-c6e308ac5a54"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--c3f97c11-dc38-400d-9bea-1d605516e9c0",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Modify On-Board Values",
      "description": "Altering live or persistent configuration data, including control registers, limit tables, FDIR rules, timelines, and setpoints.",
      "context": "Execution",
      "object_refs": [
        "attack-action--593a5cf9-1803-4ecc-b76d-c7ea0919dd28",
        "attack-action--83845d18-b4de-4a5e-8e1e-f0f23f6e67ad",
        "attack-action--b93ec558-cac2-4682-882e-a65489a99bd9",
        "attack-action--bcda4e38-c25e-4358-be54-1f9eaa3d63d5"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--1945da3d-58dc-4c22-90b8-701e39b071cf",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Flooding",
      "description": "Overwhelming a communications link, application parser, or internal data bus by injecting an unsustainable volume of traffic.",
      "context": "Execution",
      "object_refs": [
        "attack-action--fdd4a369-42d7-45dd-85c6-08af91fb1e28",
        "attack-action--85ca9ce7-a14f-40c6-8161-4da44b1805dc"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--d56c05d1-b888-418a-96da-5a4baee9f441",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Spoofing",
      "description": "Forging data inputs (e.g., GNSS signals, crosslink beacons, sensor telemetry) that onboard logic relies upon as ground truth.",
      "context": "Execution",
      "object_refs": [
        "attack-action--086d6b91-2a9d-4ed3-998e-5f19184ce31c"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--aa205b5e-5d09-4382-a21e-561675bde5bf",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Jamming",
      "description": "Using radio frequency (RF) signals within a target antenna's frequency band and field of view to intentionally degrade or block communications.",
      "context": "Execution",
      "object_refs": [
        "attack-action--a599d102-a230-49f2-bcfa-632ae120b554",
        "attack-action--932c0f03-78f1-48f3-85ff-2e56f019a4e6"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--095a4f35-1180-436b-8cfa-d6dceaf71a1b",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0001.01 Command Packets",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0001",
      "technique_ref": "attack-pattern--024c4e64-e969-405e-8312-d171bff48707",
      "subtechnique_id": "EX-0001.01",
      "subtechnique_ref": "attack-pattern--866badc9-6553-4c73-a152-ff86a7235d59",
      "description": "Resending authentic telecommand Protocol Data Units (PDUs) with intact framing, CRCs, counters, or timetags captured from prior exchanges."
    },
    {
      "type": "attack-action",
      "id": "attack-action--afa602e7-ae5f-4363-8426-67267710a5ec",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0001.02 Bus Traffic Replay",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0001",
      "technique_ref": "attack-pattern--024c4e64-e969-405e-8312-d171bff48707",
      "subtechnique_id": "EX-0001.02",
      "subtechnique_ref": "attack-pattern--ab4e2f27-2015-4561-9c0b-3c1d3d454f94",
      "description": "Injecting or retransmitting historical, well-formed messages directly onto internal spacecraft data buses (e.g., MIL-STD-1553, SpaceWire) instead of targeting the external RF path."
    },
    {
      "type": "attack-action",
      "id": "attack-action--3fd7344a-03ed-4a8d-a48b-c6e308ac5a54",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0005.02 Malicious Use of Hardware Commands",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0005",
      "technique_ref": "attack-pattern--881811fd-c6e4-483d-b47d-65aa6dcd6a01",
      "subtechnique_id": "EX-0005.02",
      "subtechnique_ref": "attack-pattern--68c9fb31-d8c2-4985-b291-a7fc20da9a57",
      "description": "Issuing low-level device, register, or maintenance commands directly to hardware components over the internal bus."
    },
    {
      "type": "attack-action",
      "id": "attack-action--593a5cf9-1803-4ecc-b76d-c7ea0919dd28",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0012.05 Scheduling Algorithm",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0012",
      "technique_ref": "attack-pattern--29e1cbca-98fc-4931-837f-aefdbf221b21",
      "subtechnique_id": "EX-0012.05",
      "subtechnique_ref": "attack-pattern--3549bea8-028a-4c96-ba89-c97f74115b93",
      "description": "Tampering with real-time scheduling parameters, task priorities, CPU budgets, deadlines, and clock sources."
    },
    {
      "type": "attack-action",
      "id": "attack-action--83845d18-b4de-4a5e-8e1e-f0f23f6e67ad",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0012.06 Science/Payload Data",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0012",
      "technique_ref": "attack-pattern--29e1cbca-98fc-4931-837f-aefdbf221b21",
      "subtechnique_id": "EX-0012.06",
      "subtechnique_ref": "attack-pattern--ab16f075-1282-4e4a-ac8d-4afc3fc3c242",
      "description": "Modifying raw detector frames, Level-0 data streams, mass memory file catalogs, or adjacent metadata (timestamps, calibration tables)."
    },
    {
      "type": "attack-action",
      "id": "attack-action--b93ec558-cac2-4682-882e-a65489a99bd9",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0012.07 Propulsion Subsystem",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0012",
      "technique_ref": "attack-pattern--29e1cbca-98fc-4931-837f-aefdbf221b21",
      "subtechnique_id": "EX-0012.07",
      "subtechnique_ref": "attack-pattern--6f69f99e-e9a0-449a-92db-9e383be0534a",
      "description": "Editing thruster calibrations, valve timings, inhibit masks, delta-V tables, and tank pressure/temperature safety limits."
    },
    {
      "type": "attack-action",
      "id": "attack-action--bcda4e38-c25e-4358-be54-1f9eaa3d63d5",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0012.10 Command & Data Handling Subsystem",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0012",
      "technique_ref": "attack-pattern--29e1cbca-98fc-4931-837f-aefdbf221b21",
      "subtechnique_id": "EX-0012.10",
      "subtechnique_ref": "attack-pattern--22839480-7f7d-477a-85cf-34bf68bacf6a",
      "description": "Adjusting runtime variables such as opcode-to-handler maps, command queue depths, message routing tables, and event/telemetry filters."
    },
    {
      "type": "attack-action",
      "id": "attack-action--fdd4a369-42d7-45dd-85c6-08af91fb1e28",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0013.01 Valid Commands",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0013",
      "technique_ref": "attack-pattern--5423a225-c68a-4b77-aa9f-5b27f960777b",
      "subtechnique_id": "EX-0013.01",
      "subtechnique_ref": "attack-pattern--f8a66758-e85e-48cf-b29b-19ad40ae7ceb",
      "description": "Saturating data paths with an excessive volume of legitimate but low-risk telecommands or bus messages (e.g., no-ops, time queries)."
    },
    {
      "type": "attack-action",
      "id": "attack-action--85ca9ce7-a14f-40c6-8161-4da44b1805dc",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0013.02 Erroneous Input",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0013",
      "technique_ref": "attack-pattern--5423a225-c68a-4b77-aa9f-5b27f960777b",
      "subtechnique_id": "EX-0013.02",
      "subtechnique_ref": "attack-pattern--ccd7a4cb-581b-4dc1-9e26-fbb34291036b",
      "description": "Injecting high volumes of invalid data—such as wideband noise, malformed packets, or frames with bad CRCs—into receivers and parsers."
    },
    {
      "type": "attack-action",
      "id": "attack-action--086d6b91-2a9d-4ed3-998e-5f19184ce31c",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0014.02 Bus Traffic Spoofing",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0014",
      "technique_ref": "attack-pattern--1d08c77b-ae8b-402f-9ab7-ab093e1b8cc8",
      "subtechnique_id": "EX-0014.02",
      "subtechnique_ref": "attack-pattern--71e955e9-7ccb-4d42-a241-c2884ec3e106",
      "description": "Emitting forged messages with valid identifiers, addresses, and timing parameters directly onto internal vehicle data paths (MIL-STD-1553, SpaceWire, CAN)."
    },
    {
      "type": "attack-action",
      "id": "attack-action--932c0f03-78f1-48f3-85ff-2e56f019a4e6",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0016.01 Uplink Jamming",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0016",
      "technique_ref": "attack-pattern--6bb75c77-5b45-41ec-a188-ecec13af421e",
      "subtechnique_id": "EX-0016.01",
      "subtechnique_ref": "attack-pattern--1cb1b50a-b7c0-4691-835f-35303237b997",
      "description": "Transmitting RF interference toward the spacecraft's receive antenna, matched to its frequency, footprint, polarization, and Doppler conditions."
    },
    {
      "type": "attack-action",
      "id": "attack-action--a599d102-a230-49f2-bcfa-632ae120b554",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0016.02 Downlink Jamming",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0016",
      "technique_ref": "attack-pattern--6bb75c77-5b45-41ec-a188-ecec13af421e",
      "subtechnique_id": "EX-0016.02",
      "subtechnique_ref": "attack-pattern--b4546ad9-cc6e-4125-ac2d-f116276287c0",
      "description": "Creating RF noise in the same frequency band as the satellite's downlink signal, targeting the field of view of ground receiving terminals."
    },
    {
      "type": "grouping",
      "id": "grouping--1ad3e2a1-a4e8-4b96-bda6-21e0f827b337",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Disrupt or Deceive Downlink",
      "description": "Targeting ground-side telemetry reception, processing, or display to impair operator visibility into spacecraft health and activity.",
      "context": "Defense Evasion",
      "object_refs": [
        "attack-action--4f8b6b0d-5e9c-4d33-ba24-0bcdc5ee79f6",
        "attack-action--01445c20-9a58-455f-8503-d471c5f02cb4"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--4f8b6b0d-5e9c-4d33-ba24-0bcdc5ee79f6",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "DE-0002.02 Jam Link Signal",
      "tactic_id": "ST0006",
      "tactic_ref": "x-mitre-tactic--ec717a52-de36-4597-b2ad-d9c9d120054a",
      "technique_id": "DE-0002",
      "technique_ref": "attack-pattern--ef4776f9-b691-4c3f-a175-1f683ee9d2fd",
      "subtechnique_id": "DE-0002.02",
      "subtechnique_ref": "attack-pattern--6bfd9086-4c64-4a60-abf3-9e65c07e0840",
      "description": "Overwhelming or jamming the downlink radio frequency signal to block transmitted telemetry from reaching its ground destination."
    },
    {
      "type": "attack-action",
      "id": "attack-action--01445c20-9a58-455f-8503-d471c5f02cb4",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "DE-0002.03 Inhibit Spacecraft Functionality",
      "tactic_id": "ST0006",
      "tactic_ref": "x-mitre-tactic--ec717a52-de36-4597-b2ad-d9c9d120054a",
      "technique_id": "DE-0002",
      "technique_ref": "attack-pattern--ef4776f9-b691-4c3f-a175-1f683ee9d2fd",
      "subtechnique_id": "DE-0002.03",
      "subtechnique_ref": "attack-pattern--89bac471-5511-4b85-9999-d68240a0a689",
      "description": "Suppressing telemetry directly at the source by manipulating on-board software generation or transmission hardware."
    },
    {
      "type": "grouping",
      "id": "grouping--ce0e81e0-86b2-4b9f-9930-0679c3cab316",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Replay",
      "description": "Re-sending previously valid commands or procedures to force the spacecraft to re-transmit recorded data.",
      "context": "Exfiltration",
      "object_refs": [
        "attack-action--0062dcbe-48c6-4d64-870b-b7d3c62988c1"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--0062dcbe-48c6-4d64-870b-b7d3c62988c1",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EX-0001 Replay",
      "tactic_id": "ST0004",
      "tactic_ref": "x-mitre-tactic--a685d777-f10c-4edc-b401-397a8e7e41f8",
      "technique_id": "EX-0001",
      "technique_ref": "attack-pattern--024c4e64-e969-405e-8312-d171bff48707",
      "description": "Re-sending previously valid commands or procedures to force the spacecraft to re-transmit recorded data."
    },
    {
      "type": "grouping",
      "id": "grouping--125a18a2-719a-48d6-96e8-09d88d5a10b3",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Side-Channel Exfiltration",
      "description": "Extracting sensitive information by observing physical or protocol byproducts such as power draw, electromagnetic emissions, timing, or thermal signatures.",
      "context": "Exfiltration",
      "object_refs": [
        "attack-action--c0a57453-5f3a-43c8-955e-cdbacf96dc0b"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--c0a57453-5f3a-43c8-955e-cdbacf96dc0b",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EXF-0002.01 Power Analysis Attacks",
      "tactic_id": "ST0008",
      "tactic_ref": "x-mitre-tactic--5721a603-bbbe-45cf-b838-c57abe7effd6",
      "technique_id": "EXF-0002",
      "technique_ref": "attack-pattern--767f7f09-4e48-47fd-b0ca-4dbab1ae912a",
      "subtechnique_id": "EXF-0002.01",
      "subtechnique_ref": "attack-pattern--c7fcb459-9e98-46e6-bfd8-0749942bea73",
      "description": "Measuring the instantaneous power consumption of hardware devices like crypto engines or microcontrollers."
    },
    {
      "type": "grouping",
      "id": "grouping--9bd61b38-0fad-4892-a5d4-2fe88ed1ca7f",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Signal Interception",
      "description": "Capturing mission traffic in transit across tapped ground networks, baseband interfaces, or raw RF/optical space links.",
      "context": "Exfiltration",
      "object_refs": [
        "attack-action--2474c032-e655-47e5-8767-2f3b5c14dff3",
        "attack-action--5e0c6b54-ed3f-4557-9524-43146ddefe2c"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--2474c032-e655-47e5-8767-2f3b5c14dff3",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EXF-0003.01 Uplink Exfiltration",
      "tactic_id": "ST0008",
      "tactic_ref": "x-mitre-tactic--5721a603-bbbe-45cf-b838-c57abe7effd6",
      "technique_id": "EXF-0003",
      "technique_ref": "attack-pattern--7e8b8d8f-d864-40f4-9c1c-789c59ab2b14",
      "subtechnique_id": "EXF-0003.01",
      "subtechnique_ref": "attack-pattern--1dde132d-ea40-4642-b1e6-dcebeb183f70",
      "description": "Receiving or tapping the command path directed from ground stations to the spacecraft."
    },
    {
      "type": "attack-action",
      "id": "attack-action--5e0c6b54-ed3f-4557-9524-43146ddefe2c",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EXF-0003.02 Downlink Exfiltration",
      "tactic_id": "ST0008",
      "tactic_ref": "x-mitre-tactic--5721a603-bbbe-45cf-b838-c57abe7effd6",
      "technique_id": "EXF-0003",
      "technique_ref": "attack-pattern--7e8b8d8f-d864-40f4-9c1c-789c59ab2b14",
      "subtechnique_id": "EXF-0003.02",
      "subtechnique_ref": "attack-pattern--80b417bd-15cc-48f6-908e-e5404f60827c",
      "description": "Recording spacecraft-to-ground traffic, including real-time telemetry, recorder playbacks, and payload products."
    },
    {
      "type": "attack-action",
      "id": "attack-action--40eb3994-b160-4c46-99c5-b6dcc5b8ea6b",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "EXF-0007 Compromised Ground System",
      "tactic_id": "ST0008",
      "tactic_ref": "x-mitre-tactic--5721a603-bbbe-45cf-b838-c57abe7effd6",
      "technique_id": "EXF-0007",
      "technique_ref": "attack-pattern--d7b39534-b6d7-4afa-8c82-8bf0d22ce1a0",
      "description": "Leveraging a foothold within trusted mission ground infrastructure (workstations, control servers, or archive databases) to siphon data."
    },
    {
      "type": "grouping",
      "id": "grouping--2b5415a5-c44d-463e-962a-42342e4fac69",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Compromised Ground System",
      "description": "Leveraging a foothold within trusted mission ground infrastructure (workstations, control servers, or archive databases) to siphon data.",
      "context": "Exfiltration",
      "object_refs": [
        "attack-action--40eb3994-b160-4c46-99c5-b6dcc5b8ea6b"
      ]
    },
    {
      "type": "grouping",
      "id": "grouping--bd1779cf-aa08-441f-a896-e371ba32d0ca",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Disruption",
      "description": "Temporarily impairing, altering, or manipulating communication paths and messages between the spacecraft and ground controllers.",
      "context": "Impact",
      "object_refs": [
        "attack-action--74900420-a1b5-4bed-b141-f3356b6a991d"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--74900420-a1b5-4bed-b141-f3356b6a991d",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "IMP-0002 Disruption",
      "tactic_id": "ST0009",
      "tactic_ref": "x-mitre-tactic--c5e266e5-35cf-4cbb-81dc-81928672b06a",
      "technique_id": "IMP-0002",
      "technique_ref": "attack-pattern--0c313931-5e23-46e2-b5d0-8a27c9ebf87d",
      "description": "Temporarily impairing, altering, or manipulating communication paths and messages between the spacecraft and ground controllers."
    },
    {
      "type": "grouping",
      "id": "grouping--e7a0e042-62a5-4ba4-8581-6e90a4dcf764",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "name": "Denial",
      "description": "Temporarily eliminating all access to, use of, or operation of a system without causing permanent physical hardware damage.",
      "context": "Impact",
      "object_refs": [
        "attack-action--7930c61d-c142-46b7-a052-a2454de8daaf"
      ]
    },
    {
      "type": "attack-action",
      "id": "attack-action--7930c61d-c142-46b7-a052-a2454de8daaf",
      "spec_version": "2.1",
      "created": "2026-06-11T23:57:51.629Z",
      "modified": "2026-06-11T23:57:51.629Z",
      "extensions": {
        "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
          "extension_type": "new-sdo"
        }
      },
      "name": "IMP-0003 Denial",
      "tactic_id": "ST0009",
      "tactic_ref": "x-mitre-tactic--c5e266e5-35cf-4cbb-81dc-81928672b06a",
      "technique_id": "IMP-0003",
      "technique_ref": "attack-pattern--d3a1fc7b-950e-42dc-b0a8-46fc0b2e251f",
      "description": "Temporarily eliminating all access to, use of, or operation of a system without causing permanent physical hardware damage."
    }
  ]
}