FortiTester ATT&CK DB Ver

| Name | ATT&CK Tactics & Techniques | Status Update | Description |
| --- | --- | --- | --- |
| password_spray | Credential Access: Brute Force | Add | This step uses the DomainPasswordSpray tool to perform a domain password spray. |
| create_volume_shadow_copy_with_vssadmin | Credential Access: Credential Dumping | Add | This step creates a copy of the Active Directory domain database. |
| create_volume_shadow_copy_with_WMI | Credential Access: Credential Dumping | Add | This step creates a copy of the Active Directory domain database. |
| dump_database_with_ntdsutil | Credential Access: Credential Dumping | Add | This step generates a copy of ntds.dit. |
| dump_lsass_memory | Credential Access: Credential Dumping | Add | This step uses Sysinternals ProcDump to dump lsass memory. |
| dump_lsa_secrets | Credential Access: Credential Dumping | Add | This step dumps secret keys from the Windows registry. |
| TeamViewer_files_detected_test | Command and Control: Remote Access Tools | Mod | An adversary may attempt to trick the user into downloading TeamViewer and using it to maintain access to the machine. (Original name is download_TeamViewer.) |