FortiTester ATT&CK DB Ver

| Name | ATT&CK Tactics & Techniques | Status | Update |
| --- | --- | --- | --- |
| rootkit | Defense Evasion: Rootkit | Add | This step hides the file and process of HIDE-ExampleExecutable_x64.exe. |
| environmental_keying | Defense Evasion: Execution Guardrails | Add | This step attempts to decompress the file on the target machine. |
| collect_cookies_on_disk | Credential Access: Steal Web Session Cookie | Add | This step collects the Firefox and Chrome cookies stored on the target machine. |
| password_filter_dll | Credential Access: Password Filter DLL; Execution: LSASS Driver; Persistence: LSASS Driver | Mod | This step uses PowerShell to install and register a password filter DLL on the target machine. |
| communication_through_removable_media | Exfiltration: Exfiltration Over Physical Medium; Command and Control: Communication Through Removable Media | Add | This step uses mobile media to communicate. |