Security Software Discovery
User Activity Based Checks
Encrypted/Encoded File
Symmetric Cryptography
Taint Shared Content
System Information Discovery
Keylogging
Spearphishing Attachment
Process Discovery
Deobfuscate/Decode Files or Information
Drive-by Compromise
Replication Through Removable Media
Virtualization/Sandbox Evasion
System Checks
System Time Discovery
Code Signing
System Network Configuration Discovery
File and Directory Discovery
Windows Command Shell
Match Legitimate Resource Name or Location
Ingress Tool Transfer
Registry Run Keys / Startup Folder
Exploitation for Client Execution
Malicious File