TA0001 4
Initial Access
T1078Valid Accounts
T1110Brute Force
T1190Exploit Public-Facing Application
T1566Phishing
TA0002 2
Execution
T1059Command and Scripting Interpreter
T1072Software Deployment Tools
TA0003 4
Persistence
T1053Scheduled Task/Job
T1136Create Account
T1547Boot or Logon Autostart Execution
T1547.001Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
TA0004 1
Privilege Escalation
T1068Exploitation for Privilege Escalation
TA0005 4
Defense Evasion
T1027Obfuscated Files or Information
T1036Masquerading
T1070Indicator Removal
T1218System Binary Proxy Execution
TA0006 3
Credential Access
T1003OS Credential Dumping
T1003.001OS Credential Dumping: LSASS Memory
T1552Unsecured Credentials
TA0007 4
Discovery
T1046Network Service Discovery
T1057Process Discovery
T1082System Information Discovery
T1083File and Directory Discovery
TA0008 3
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
T1021.002Remote Services: SMB/Windows Admin Shares
T1047Windows Management Instrumentation
TA0009 3
Collection
T1119Automated Collection
T1560Archive Collected Data
T1560.001Archive Collected Data: Archive via Utility
TA0010 3
Exfiltration
T1041Exfiltration Over C2 Channel
T1048Exfiltration Over Alternative Protocol
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 2
Command & Control
T1071Application Layer Protocol
T1573Encrypted Channel
TA0040 1
Impact
T1486Data Encrypted for Impact