T0846.002: Broadcast Discovery
Essential information
- MITRE technique ID
T0846.002- Confidence
- 75/100
- Revoked
- No
- Published
- 20/04/2026 22:54
- Modified
- 04/05/2026 16:52
- Author / Source
- The MITRE Corporation
Description
Adversaries may perform broadcast discovery requests to enumerate systems and devices on a network. Broadcast discovery works by one system or device sending messages to all systems and devices on a network (or subnet) and then waiting for a response. If a response is received that means the system or device that responded is live and can communicate over that protocol. Adversaries may leverage different protocols supported on the network for sending broadcast messages.
Some common OT protocols that have broadcast discovery mechanisms are Building Automation and Control Network (BACNet) Who-Is requests, Common Industrial Protocol (CIP) List Identity User Datagram Protocol (UDP) broadcast requests, and Siemens S7 broadcast identification requests.(Citation: Broadcasting BACnet)(Citation: Cisco Active Discovery)
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-ics-attack-v19 | discovery |
| mitre-ics-attack | discovery |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.