FortiTester ATT&CK DB Ver

| Name | ATT&CK Tactics & Techniques | Status | Update |
| --- | --- | --- | --- |
| spawned_command_shell_via_Word | Initial Access: Spearphishing Attachment | Add | This step spawns a command prompt and pings 8.8.8.8. |
| clear_powershell_history | Defense Evasion: File Deletion | Add | This step clears the PowerShell history. |
| running_Chrome_VPN_extensions | Initial Access: External Remote Services; Persistence: External Remote Services | Add | This step runs Chrome VPN extensions via the Registry and installs 2 VPN extensions. |
| WINWORD_remote_template_injection | Defense Evasion: Template Injection | Add | This step opens a .docx file that loads a remote macro-enabled .dotm template. |
| Register-CimProvider | Execution: Signed Binary Proxy Execution; Defense Evasion: Signed Binary Proxy Execution | Add | This step executes an arbitrary DLL. Upon execution, calc.exe will be opened. |
| Windows_internal_packet_capture | Discovery: Network Sniffing | Add | This step uses the built-in Windows packet capture. |
| WMI_scheduled_task | Execution: Scheduled Task; Persistence: Scheduled Task | Add | This step creates a scheduled task from XML, leveraging the WMI class PS_ScheduledTask, that executes notepad.exe after user login. |
| screencapture_steps_recorder | Collection: Screen Capture | Add | This step uses the Psr.exe binary to collect screenshots of the user's display. |