Execution through API

From attackics
Jump to navigation Jump to search
Execution through API
Technique
ID T871
Tactic Execution
Data Sources API monitoring, Network protocol analysis, Packet capture
Asset Field Controller/RTU/PLC/IED

Description

Adversaries may attempt to leverage Application Program Interfaces (APIs) used for communication between control software and the hardware. Specific functionality is often coded into APIs which can be called by software to engage specific functions on a device or other software, such as Change Program State of a program on a PLC.


Procedure Examples

  • PLC-Blaster utilizes the PLC communication and management API to load executable Program Organization Units.1
  • Stuxnet utilizes the PLC communication and management API to load executable Program Organization Units.2
  • Triton leverages a reconstructed TriStation protocol within its framework to trigger APIs related to program download, program allocation, and program changes.3