TA0001 3
Initial Access
T1078Valid Accounts: Remote Desktop Protocol
T1190Exploit Public-Facing Application
T1566.001Phishing: Spearphishing Attachment
TA0002 2
Execution
T1059.001Command and Scripting Interpreter: PowerShell
T1059.003Command and Scripting Interpreter: Windows Command Shell
TA0004 0
Privilege Escalation
TA0005 2
Defense Evasion
T1070.001Indicator Removal: Clear Windows Event Logs
T1562.001Disable or Modify Tools
TA0006 1
Credential Access
T1003.001OS Credential Dumping: LSASS Memory
TA0007 1
Discovery
T1046Network Service Discovery
TA0008 2
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
T1021.002Remote Services: SMB/Windows Admin Shares
TA0010 1
Exfiltration
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 1
Command & Control
T1219Remote Access Software
TA0040 2
Impact
T1486Data Encrypted for Impact
T1490Inhibit System Recovery