Research Article
GroupTracer: Automatic Attacker TTP Profile Extraction and Group Cluster in Internet of Things
Table 7
Techniques corresponding to each tactic and commands mapped to these techniques in our datasets.
| | Tactic | Technique | Command |
| | Defense evasion | Disabling security tools
Clearing command history
File deletion
File and directory permissions modification | service iptables stop
history -c
rm
chmod |
| | Discovery | Process discovery
File and directory discovery | ps
cd; ls; dir |
| | Lateral movement | Remote File copy | tftp; wget; curl; ftpget |
| | Execution | Exploitation for client Execution | sh;./mips;./zuki;./nig |
| | Impact | Network denial of service | ultimate |
| | Collection | Data from local system | echo; more; cat |
|
|
