Recon2
T1589Gather Victim Identity Information
T1590.004Network Topology
Resource2
T1587.001Malware
T1588.002Tool
Initial1
T1190Exploit Public-Facing Application
Exec5
T1059.001PowerShell
T1053.005Scheduled Task
T1059.005Visual Basic
T1059.003Windows Command Shell
T1047Windows Management Instrumentation
Persist6
T1098.007Additional Local or Domain Groups
T1574.001DLL
T1133External Remote Services
T1136.001Local Account
T1547.001Registry Run Keys / Startup Folder
T1505.003Web Shell
Defense8
T1078.001Default Accounts
T1140Deobfuscate/Decode Files or Information
T1564.001Hidden Files and Directories
T1134.003Make and Impersonate Token
T1036.004Masquerade Task or Service
T1036Masquerading
T1036.005Match Legitimate Resource Name or Location
T1550.002Pass the Hash
Creds5
T1552.001Credentials In Files
T1003.001LSASS Memory
T1556Modify Authentication Process
T1003.003NTDS
T1003.002Security Account Manager
Discovery10
T1087Account Discovery
T1087.002Domain Account
T1083File and Directory Discovery
T1016.001Internet Connection Discovery
T1046Network Service Discovery
T1135Network Share Discovery
T1069Permission Groups Discovery
T1082System Information Discovery
+2 more
Lateral4
T1021.001Remote Desktop Protocol
T1021.002SMB/Windows Admin Shares
T1021.004SSH
T1021.006Windows Remote Management
Collect4
T1560.001Archive via Utility
T1005Data from Local System
T1056.001Keylogging
T1074.001Local Data Staging
C24
T1105Ingress Tool Transfer
T1090.001Internal Proxy
T1572Protocol Tunneling
T1071.001Web Protocols
Impact2
T1565Data Manipulation
T1657Financial Theft