TA0001 4
Initial Access
T1078Valid Accounts
T1078.002Valid Accounts: Domain Accounts
T1133External Remote Services
T1190Exploit Public-Facing Application
TA0002 5
Execution
T1047Windows Management Instrumentation
T1059Command and Scripting Interpreter
T1059.001Command and Scripting Interpreter: PowerShell
T1059.002System Services: Service Execution
T1059.003Command and Scripting Interpreter: Windows Command Shell
TA0003 2
Persistence
T1136.001Create Account: Local Account
T1136.002Create Account: Domain Account
TA0004 2
Privilege Escalation
T1078.002Valid Accounts: Domain Accounts
TA0004Privilege Escalation
TA0005 2
Defense Evasion
T1112Modify Registry
T1562.001Impair Defenses: Disable or Modify Tools
TA0006 1
Credential Access
T1003.001OS Credential Dumping: LSASS Memory
TA0007 3
Discovery
T1018Remote System Discovery
T1082System Information Discovery
TA0007Discovery
TA0008 2
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
T1570Lateral Tool Transfer
TA0009 1
Collection
T1560.001Archive Collected Data: Archive via Utility
TA0010 2
Exfiltration
T1048.003Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 1
Command & Control
T1229Remote Access Software
TA0040 2
Impact
T1486Data Encrypted for Impact
T1490Inhibit System Recovery