Data Encrypted for Impact
Process Injection
System Owner/User Discovery
Modify Registry
System Network Connections Discovery
File Deletion
Space after Filename
Keylogging
Security Software Discovery
Windows Service
Bypass User Account Control
Drive-by Compromise
File and Directory Discovery
Windows Command Shell
Deobfuscate/Decode Files or Information
Visual Basic
System Shutdown/Reboot
Malicious Link
Web Protocols
Ingress Tool Transfer
Disable or Modify Tools
Software Packing
Browser Information Discovery
Clear Windows Event Logs
Mshta
Timestomp
Disable or Modify System Firewall
Data Destruction
Brute Force
Network Share Discovery
Mark-of-the-Web Bypass
System Information Discovery
Transmitted Data Manipulation
Network Device Firewall
Disk Structure Wipe
Rename Legitimate Utilities
Prevent Command History Logging
Scheduled Task
Tool
Web Shell
Clipboard Data
Rundll32
Runtime Data Manipulation
Domains
Native API
Compiled HTML File
Malicious File
Stored Data Manipulation
Data from Local System
PowerShell
Cron
Spearphishing Attachment
Msiexec
Service Execution
Mutual Exclusion
Process Discovery