216.73.216.133

T0846.003: Multicast Discovery

View on MITRE ATT&CK The MITRE Corporation · Published 20/04/2026 22:54 · Modified 04/05/2026 16:52

Essential information

MITRE technique ID
T0846.003
Confidence
75/100
Revoked
No
Published
20/04/2026 22:54
Modified
04/05/2026 16:52
Author / Source
The MITRE Corporation

Description

Adversaries may perform multicast discovery requests which is when one system or device sends messages to all systems and devices in a pre-defined group on a network (or subnet) and then waits for a response. If a response is received that means the system or device that responded is live and can communicate over that protocol. Multicast discovery tends to be stealthier than broadcast discovery because every system or device on the network (or subnet) is not being messaged. One common OT protocol that has a multicast discovery mechanism is the Process Field Network (PROFINET) Discovery and Configuration Protocol (DCP) with its Identify All requests.(Citation: Cisco Active Discovery)

Kill chain phases

Kill chainPhase
mitre-ics-attack-v19 discovery
mitre-ics-attack discovery

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references