FortiTester ATT&CK Database Version
| Name | ATT&CK Tactics & Techniques | Status | Update |
|---|---|---|---|
| DNS_large_query_volume | Command and Control: Standard Application Layer Protocol | Add | This step simulates an infected host sending a large volume of DNS queries to a command and control server. |
| list_open_egress_ports | Discovery: System Network Configuration Discovery | Add | This step tests which of the 128 most commonly used ports are open for egress. |
| griffon_recon | Discovery: System Information Discovery | Add | This step simulates the exact same reconnaissance behavior as the original Griffon script, with the C2 interaction removed. |
| OSTAP_worm_activity_simulation | Command and Control: Remote File Copy | Add | This step simulates OSTap copying itself to network shares and secondary drives in a specific way. |
| SAM_copy | Credential Access: Credential Dumping | Add | This step uses the esentutl.exe utility to copy the SAM hive. |
| exfiltration_over_alternative_protocol_ICMP | Exfiltration: Exfiltration Over Alternative Protocol | Add | This step exfiltrates a specified file over the ICMP protocol. |
| SIP_and_trust_provider_hijacking | Defense Evasion: SIP and Trust Provider Hijacking; Persistence: SIP and Trust Provider Hijacking | Add | This step uses Microsoft's certificate to sign a PowerShell script that contains only one line of code. |
| system_discovery_using_sharpview | Discovery: System Network Configuration Discovery | Add | This step uses SharpView to get domain information. |