TA0001 2
Initial Access
T1548.002Abusing Elevation Control Mechanism: Bypass User Account Control
T1566Phishing
TA0002 2
Execution
T1059Command and Scripting Interpreter
T1129Shared Modules
TA0003 1
Persistence
T1547.001Registry Run Keys / Startup Folder
TA0004 3
Privilege Escalation
T1055Process Injection
T1055.003Thread Execution Hijacking
T1547.001Registry Run Keys
TA0005 8
Defense Evasion
T1027Obfuscated Files or Information
T1036Masquerading
T1055Process Injection
T1055.003Thread Execution Hijacking
T1497Virtualization/Sandbox Evasion
T1564Hidden Artifacts
T1564.004NTFS File Attributes
T1620Reflective DLL Injection
TA0006 0
Credential Access
TA0007 6
Discovery
T1010Application Window Discovery
T1057Process Discovery
T1082System Information Discovery
T1083File and Directory Discovery
T1497Virtualization/Sandbox Evasion
T1518.001Security Software Discovery
TA0009 2
Collection
T1005Data from Local System
T1119Automated Collection
TA0010 1
Exfiltration
T1041Exfiltration Over C2 Channel
TA0011 2
Command & Control
T1071Application Layer Protocol
T1071.001Web Protocols
TA0040 1
Impact
T1486Data Encrypted for Impact