TA0001 3
Initial Access
T1189Drive-by Compromise
T1190Exploit Public-Facing Application
T1566.001Phishing: Spearphishing Attachment
TA0002 2
Execution
T1059.001Command and Scripting Interpreter: PowerShell
T1203Exploitation for Client Execution
TA0004 0
Privilege Escalation
TA0005 2
Defense Evasion
T1218.011Signed Binary Proxy Execution: Rundll32
T1562.001Disable or Modify Tools
TA0006 1
Credential Access
T1003.001OS Credential Dumping: LSASS Memory
TA0007 2
Discovery
T1018Remote System Discovery
T1046Network Service Discovery
TA0008 2
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
T1021.002Remote Services: SMB/Windows Admin Shares
TA0010 1
Exfiltration
T1567Exfiltration Over Web Service
TA0011 1
Command & Control
T1071.001Application Layer Protocol: Web Protocols
TA0040 2
Impact
T1486Data Encrypted for Impact
T1490Inhibit System Recovery