TA0001 2
Initial Access
T1078Valid Accounts
T1210Exploitation of Remote Services
TA0002 2
Execution
T1059.001PowerShell
T1203Exploitation for Client Execution
TA0003 1
Persistence
T1078Valid Accounts
TA0004 1
Privilege Escalation
T1068Exploitation for Privilege Escalation
TA0005 2
Defense Evasion
T1036Masquerading
T1562.001Disable or Modify Tools
TA0006 1
Credential Access
T1003OS Credential Dumping
TA0007 3
Discovery
T1018Remote System Discovery
T1046Network Service Scanning
T1082System Information Discovery
TA0008 1
Lateral Movement
T1021.002SMB/Windows Admin Shares
TA0009 1
Collection
T1005Data from Local System
TA0010 1
Exfiltration
T1041Exfiltration Over C2 Channel
TA0011 0
Command & Control
TA0040 4
Impact
T1486Data Encrypted for Impact
T1489Service Stop
T1490Inhibit System Recovery
T1491Defacement