Keychain
Establish Accounts
File and Directory Discovery
Web Services
Non-Standard Port
Malicious Library
Remote Desktop Software
Masquerading
Malicious File
Virtualization/Sandbox Evasion
Exfiltration Over Web Service
Unix Shell
Malware
Code Repositories
Domains
Spearphishing via Service
Unix Shell Configuration Modification
Written Content
Disable or Modify Tools
Search Threat Vendor Data
Windows Command Shell
Financial Theft
Exfiltration Over Unencrypted Non-C2 Protocol
JavaScript
XDG Autostart Entries
Develop Capabilities
File Deletion
Tool
Launch Agent
Exfiltration Over C2 Channel
Social Media
Acquire Infrastructure
Encrypted/Encoded File
Exfiltration to Cloud Storage
Impersonation
Malicious Copy and Paste
Python
Gather Victim Identity Information
Virtual Private Server
Artificial Intelligence
Proxy
Symmetric Cryptography
Malicious Link
Mail Protocols
System Information Discovery
Search Open Websites/Domains
Command Obfuscation
Upload Malware
Visual Basic
Execution Guardrails
Social Media Accounts
Registry Run Keys / Startup Folder
Email Accounts
Audio-Visual Content