TA0001 4
Initial Access
T1078.004Valid Accounts: Cloud Accounts
T1091Replication Through Removable Media
T1133External Remote Services
T1566.003Phishing: Spearphishing Voice (Vishing)
TA0002 3
Execution
T1059.004Command and Scripting Interpreter: Unix Shell
T1059.006Command and Scripting Interpreter: Python
T1204.002User Execution: Malicious File
TA0003 2
Persistence
T1098.003Account Manipulation: Additional Cloud Credentials
T1136.001Create Account: Local Account
TA0004 0
Privilege Escalation
TA0005 3
Defense Evasion
T1036.005Masquerading: Match Legitimate Name or Location
T1070.001Indicator Removal: Clear Windows Event Logs
T1562.001Impair Defenses: Disable or Modify Tools
TA0006 0
Credential Access
TA0007 3
Discovery
T1018Remote System Discovery
T1083File and Directory Discovery
T1538Cloud Service Dashboard
TA0010 1
Exfiltration
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 0
Command & Control
TA0040 2
Impact
T1486Data Encrypted for Impact
T1657Financial Theft