Evidence Category · 13 Questions
MITRE ATT&CK and Attribution
Measures tool/technique identification and attribution.
Questions in This Category
Q080 Credential dumping tool used?
Q081 Which tool for network scanning?
Q082 Which tool for SQL injection?
Q083 What hid the attacker's traffic?
Q084 Which tool to pull credentials from the DC?
Q085 Persistence achieved with which value?
Q086 Exfil over which protocol?
Q087 Lateral movement technique?
Q150 MITRE TID for exfiltration?
Q151 MITRE TID for credential dumping?
Q152 MITRE TID for persistence (Run key)?
Q153 MITRE TID for lateral movement?
Q180 Which tool did the attacker use for network scanning?