TA0001 3
Initial Access
T1078Valid Accounts
T1133External Remote Services
T1190Exploit Public-Facing Application
TA0002 6
Execution
T1053Scheduled Task/Job
T1059.001Command and Scripting Interpreter: PowerShell
T1059.003Command and Scripting Interpreter: Windows Command Shell
T1072Windows Management Instrumentation
T1106Native API
T1569.002System Services: Service Execution
TA0003 2
Persistence
T1078Valid Accounts
T1547Server Software Component
TA0004 3
Privilege Escalation
T1078Valid Accounts
T1134.002Access Token Manipulation: Create Process with Token
T1548.002Abuse Elevation Control Mechanism: Bypass User Account Control
TA0005 7
Defense Evasion
T1027Obfuscated Files or Information
T1036Masquerading
T1070.001Indicator Removal: Clear Windows Event Logs
T1112Modify Registry
T1140Deobfuscate/Decode Files or Information
T1497Virtualization/Sandbox Evasion
T1562.001Impair Defenses: Disable or Modify Tools
TA0006 3
Credential Access
T1003.001OS Credential Dumping: LSASS Memory
T1552Unsecured Credentials
T1555Credentials from Password Stores
TA0010 5
Exfiltration
T1020Automated Exfiltration
T1030Data Transfer Size Limits
T1041Exfiltration Over C2 Channel
T1048.002Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 0
Command & Control
TA0040 5
Impact
T1485Data Destruction
T1486Data Encrypted for Impact
T1489Service Stop
T1490Inhibit System Recovery
T1498Network Denial of Service