TA0001 4
Initial Access
T1078Valid Accounts
T1133External Remote Services
T1566Phishing
T1566.001Phishing: Spearphishing Attachment
TA0002 3
Execution
T1047Windows Management Instrumentation
T1059.001Command and Scripting Interpreter: PowerShell
T1204.002User Execution: Malicious File
TA0003 2
Persistence
T1053.005Scheduled Task/Job: Scheduled Task
T1547.001Boot or Logon Autostart Execution: Registry Run Keys
TA0004 0
Privilege Escalation
TA0005 11
Defense Evasion
T1014Rootkit
T1027Obfuscated Files or Information
T1036Masquerading
T1055Process Injection
T1070Indicator Removal
T1140Deobfuscate/Decode Files or Information
T1562.001Impair Defenses: Disable or Modify Tools
T1564Hidden Artifacts
T1622Debugger Evasion
T1672Email Spoofing
T1678Delay Execution
TA0006 3
Credential Access
T1003OS Credential Dumping
T1003.001OS Credential Dumping: LSASS Memory
T1555Credentials from Password Stores
TA0007 4
Discovery
T1082System Information Discovery
T1083File and Directory Discovery
T1135Network Share Discovery
T1526Cloud Service Discovery
TA0008 3
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
T1021.002Remote Services: SMB/Windows Admin Shares
T1570Lateral Tool Transfer
TA0009 5
Collection
T1005Data from Local System
T1039Data from Network Shared Drive
T1056Input Capture
T1119Automated Collection
T1560Archive Collected Data
TA0010 2
Exfiltration
T1041Exfiltration Over C2 Channel
T1567Exfiltration Over Web Service
TA0011 2
Command & Control
T1071.001Application Layer Protocol: Web Protocols
T1573Encrypted Channel
TA0040 4
Impact
T1485Data Destruction
T1486Data Encrypted for Impact
T1489Service Stop
T1490Inhibit System Recovery