TA0001 3
Initial Access
T1078Valid Accounts
T1190Exploit Public-Facing Application
T1566Phishing
TA0002 5
Execution
T1059.001Command and Scripting Interpreter: PowerShell
T1059.003Command and Scripting Interpreter: Windows Command Shell
T1106Native API
T1203Exploitation for Client Execution
T1569.002System Services: Service Execution
TA0003 1
Persistence
T1543.003Create or Modify System Process: Windows Service
TA0004 1
Privilege Escalation
T1068Exploitation for Privilege Escalation
TA0005 4
Defense Evasion
T1027Obfuscated Files or Information
T1070Indicator Removal
T1070.004Indicator Removal: File Deletion
T1562.001Impair Defenses: Disable or Modify Tools
TA0006 0
Credential Access
TA0007 3
Discovery
T1046Network Service Discovery
T1083File and Directory Discovery
T1087.002Account Discovery: Domain Account
TA0008 1
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
TA0010 1
Exfiltration
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 1
Command & Control
T1573.001Encrypted Channel: Symmetric Cryptography
TA0040 3
Impact
T1486Data Encrypted for Impact
T1489Service Stop
T1490Inhibit System Recovery