FortiTester ATT&CK DB Ver

| Name | ATT&CK Tactics & Techniques | Status | Update |
|---|---|---|---|
| kill_event_log_service_threads | Defense Evasion: Disabling Security Tools | Add | This step kills Windows event log service threads. |
| install_Outlook_home_page | Persistence: Office Application Startup | Add | This step simulates persistence being added to a host via the Outlook Home Page functionality. |
| disable_Windows_IIS_HTTP_logging | Defense Evasion: Disabling Security Tools | Add | This step disables HTTP logging on a Windows IIS web server. |
| AMSI_initfailed | Defense Evasion: Disabling Security Tools | Add | This step uses PowerShell to install and register a password filter DLL on the target machine. |
| process_injection_via_mavinject | Execution: Signed Binary Proxy Execution | Add | This step uses the Windows 10 utility mavinject to inject DLLs. |
| rundll32_syssetup_execution | Execution: Rundll32; Defense Evasion: Rundll32 | Add | This step executes a command using rundll32.exe with syssetup.dll. |
| extract_binary_files_via_VBA | Execution: Signed Binary Proxy Execution; Defense Evasion: Signed Binary Proxy Execution | Add | This step extracts a binary (calc.exe) from inside another binary and executes it. |
| overwrite_clipboard | Impact: Transmitted Data Manipulation | Add | This step overwrites the clipboard. |