Refine SearchFortiTester ATT&CK DB Ver
| Name | ATT&CK Tactics & Techniques | Status | Update |
|---|---|---|---|
| kill_event_log_service_threads |
Defense Evasion: Disabling Security Tools |
Add
|
This step kill Windows event log service threads. |
| install_Outlook_home_page |
Persistence: Office Application Startup |
Add
|
This step simulates persistence being added to a host via the Outlook Home Page functionality. |
| disable_Windows_IIS_HTTP_logging |
Defense Evasion: Disabling Security Tools |
Add
|
This step disables HTTP logging on a Windows IIS web server. |
| AMSI_initfailed |
Defense Evasion: Disabling Security Tools |
Add
|
This step uses PowerShell to install and register a password filter DLL on the target machine. |
| process_injection_via_mavinject |
Execution: Signed Binary Proxy Execution |
Add
|
This step uses Windows 10 utility mavinject to inject Dlls. |
| rundll32_syssetup_execution |
Execution: Rundll32 Defense Evasion: Rundll32 |
Add
|
This step executes a command using rundll32.exe with syssetup.dll. |
| extract_binary_files_via_VBA |
Execution: Signed Binary Proxy Execution Defense Evasion: Signed Binary Proxy Execution |
Add
|
This step extracts a binary (calc.exe) from inside of another binary and execute it. |
| overwrite_clipboard |
Impact: Transmitted Data Manipulation |
Add
|
This step overwrites the clipboard. |