| ID | Name |
|---|---|
| ATAGS-T1111.001 | Lower Orbit Satellites, or Drones |
| ATAGS-T1111.002 | ARP Cache Poisoning |
| ATAGS-T1111.003 | DHCP Spoofing |
| ATAGS-T1111.004 | Evil Twin |
| ATAGS-T1111.005 | LLMNR/NBT-NS Poisoning and SMB Relay |
| ATAGS-T1111.006 | Unauthenticated gateway or unauthenticated interplanetary node |
| ATAGS-T1111.007 | Satellite constellation |
By responding to LLMNR/NBT-NS network traffic, Threat Actors may spoof an authoritative source for name resolution to force communication with Threat Actors controlled system. This activity may be used to collect or relay authentication materials.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.