FortiTester ATT&CK DB Ver

| Name | ATT&CK Tactics & Techniques | Status | Update |
| --- | --- | --- | --- |
| gather_RDP_credentials | Credential Access: Credential Dumping | Add | This step dumps svchost.exe. |
| installutil_evasive_invocation | Defense Evasion: Signed Binary Proxy Execution | Add | This step executes an InstallUtil assembly by renaming InstallUtil.exe. |
| download_file_with_connection_manager | Command and Control: Remote File Copy | Add | This step uses cmdl32 to download a file from the internet. |
| LLMNR_poisoning_with_inveigh | Credential Access: LLMNR/NBT-NS Poisoning and Relay | Add | This step conducts spoofing attacks and hash/credential captures. |
| malware_masquerading_and_execution | Defense Evasion: Masquerading | Add | This step unzips the file and executes the DLL. |
| authentication_packages | Persistence: Authentication Package | Mod | This step adds mimilb.dll to the Security Support Providers. |