TA0001 5
Initial Access
T1078Valid Accounts
T1190Exploit Public-Facing Application
T1199Trusted Relationship
T1566Phishing
T1566.001Phishing: Spearphishing Attachment
TA0002 3
Execution
T1059Command and Scripting Interpreter
T1059.005Command and Scripting Interpreter: Visual Basic
T1204.002User Execution: Malicious File
TA0003 5
Persistence
T1053Scheduled Task/Job
T1098Account Manipulation
T1505.003Server Software Component: Web Shell
T1543.003Create or Modify System Process: Windows Service
T1547.001Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
TA0004 1
Privilege Escalation
T1548.002Abuse Elevation Control Mechanism: Bypass UAC
TA0005 6
Defense Evasion
T1027Obfuscated Files or Information
T1027.002Obfuscated Files or Information: Software Packing
T1027.011Obfuscated Files or Information: Fileless Storage
T1027.013Obfuscated Files or Information: Encrypted/Encoded File
T1070Indicator Removal
T1562.001Impair Defenses: Disable or Modify Tools
TA0006 1
Credential Access
T1003OS Credential Dumping
TA0007 2
Discovery
T1046Network Service Discovery
T1083File and Directory Discovery
TA0008 2
Lateral Movement
T1021.001Remote Services: Remote Desktop Protocol
T1021.002Remote Services: SMB/Windows Admin Shares
TA0009 2
Collection
T1005Data from Local System
T1560Archive Collected Data
TA0010 2
Exfiltration
T1041Exfiltration Over C2 Channel
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 1
Command & Control
T1071.001Application Layer Protocol: Web Protocols
TA0040 2
Impact
T1486Data Encrypted for Impact
T1490Inhibit System Recovery