TA0001 1
Initial Access
T1566.001Phishing: Spearphishing Attachment
TA0002 2
Execution
T1059.001Command and Scripting Interpreter: PowerShell
T1059.003Command and Scripting Interpreter: Windows Command Shell
TA0003 2
Persistence
T1543.003Create or Modify System Process: Windows Service
T1547.001Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
TA0004 2
Privilege Escalation
T1078.002Domain Accounts
T1548.002Abuse Elevation Control Mechanism: Bypass User Account Control
TA0005 3
Defense Evasion
T1027.006Obfuscated Files or Information: HTML Smuggling
T1055Process Injection
T1078.002Domain Accounts
TA0006 0
Credential Access
TA0007 4
Discovery
T1087.001Account Discovery: Local Account
T1087.002Account Discovery: Domain Account
T1135Network Share Discovery
T1482Domain Trust Discovery
TA0008 3
Lateral Movement
T1021.002Remote Services: SMB/Windows Admin Shares
T1078.002Valid Accounts: Domain Accounts
T1550.002Use Alternate Authentication Material: Pass the Hash
TA0010 1
Exfiltration
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 2
Command & Control
T1071Application Layer Protocol
T1071.001Application Layer Protocol: Web Protocols
TA0040 1
Impact
T1486Data Encrypted for Impact