FortiTester ATT&CK DB Ver

| Name | ATT&CK Tactics & Techniques | Status Update | Description |
| --- | --- | --- | --- |
| DNS_large_query_volume | Command and Control: Standard Application Layer Protocol | Add | This step simulates an infected host sending a large volume of DNS queries to a command and control server. |
| list_open_egress_ports | Discovery: System Network Configuration Discovery | Add | This step tests which of the 128 most commonly used ports are open. |
| griffon_recon | Discovery: System Information Discovery | Add | This step simulates the exact same recon behavior as the original Griffon script (with the C2 interaction removed). |
| OSTAP_worm_activity_simulation | Command and Control: Remote File Copy | Add | This step simulates OSTap copying itself to shares and secondary drives in a specific way. |
| SAM_copy | Credential Access: Credential Dumping | Add | This step uses the esentutl.exe utility to copy the SAM hive. |
| exfiltration_over_alternative_protocol_ICMP | Exfiltration: Exfiltration Over Alternative Protocol | Add | This step exfiltrates a specified file over the ICMP protocol. |
| SIP_and_trust_provider_hijacking | Defense Evasion: SIP and Trust Provider Hijacking; Persistence: SIP and Trust Provider Hijacking | Add | This step uses Microsoft's certificate to sign a PowerShell script that contains only one line of code. |
| system_discovery_using_sharpview | Discovery: System Network Configuration Discovery | Add | This step uses SharpView to get domain information. |