Recon1
T1589.001Credentials
Exec6
T1106Native API
T1059.001PowerShell
T1053.005Scheduled Task
T1569.002Service Execution
T1059.003Windows Command Shell
T1047Windows Management Instrumentation
Persist2
T1574.001DLL
T1133External Remote Services
Defense8
T1070.001Clear Windows Event Logs
T1027.010Command Obfuscation
T1078.002Domain Accounts
T1070.004File Deletion
T1036.005Match Legitimate Resource Name or Location
T1550.002Pass the Hash
T1070.006Timestomp
T1078Valid Accounts
Creds5
T1110.004Credential Stuffing
T1556.001Domain Controller Authentication
T1111Multi-Factor Authentication Interception
T1003.003NTDS
T1110.003Password Spraying
Discovery18
T1217Browser Information Discovery
T1087.002Domain Account
T1482Domain Trust Discovery
T1083File and Directory Discovery
T1087.001Local Account
T1069.001Local Groups
T1680Local Storage Discovery
T1046Network Service Discovery
+10 more
Lateral4
T1570Lateral Tool Transfer
T1021.001Remote Desktop Protocol
T1021.002SMB/Windows Admin Shares
T1021.006Windows Remote Management
Collect8
T1560.001Archive via Utility
T1119Automated Collection
T1039Data from Network Shared Drive
T1074.001Local Data Staging
T1114.001Local Email Collection
T1074.002Remote Data Staging
T1114.002Remote Email Collection
T1213.002Sharepoint
C24
T1071.004DNS
T1105Ingress Tool Transfer
T1572Protocol Tunneling
T1071.001Web Protocols
Exfil2
T1041Exfiltration Over C2 Channel
T1567.002Exfiltration to Cloud Storage