TA0001 2
Initial Access
T1078Valid Accounts
T1566Phishing
TA0002 3
Execution
T1059.001Command and Scripting Interpreter: PowerShell
T1204.002User Execution: Malicious File
T1204.004User Execution: Malicious Copy and Paste
TA0003 1
Persistence
T1547.001Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
TA0004 0
Privilege Escalation
TA0005 2
Defense Evasion
T1027.013Obfuscated Files or Information: Encrypted/Encoded File
T1055.001Process Injection: DLL Injection
TA0006 2
Credential Access
T1056.001Input Capture: Keylogging
T1555.003Credentials from Password Stores: Credentials from Web Browsers
TA0009 5
Collection
T1005Data from Local System
T1074Data Staged
T1114Email Collection
T1213Data from Information Repositories
T1560.001Archive Collected Data: Archive via Utility
TA0010 3
Exfiltration
T1041Exfiltration Over C2 Channel
T1567Exfiltration Over Web Service
T1567.004Exfiltration Over Webhook
TA0011 2
Command & Control
T1071.001Application Layer Protocol: Web Protocols
T1090.003Proxy: Multi-hop Proxy