Archive via Custom Method
Spearphishing Attachment
Disable or Modify Tools
Domain Account
Command and Scripting Interpreter
Protocol Tunneling
Databases
Command Obfuscation
JavaScript
Web Service
Data from Local System
Registry Run Keys / Startup Folder
Windows Command Shell
Tool
File Deletion
NTDS
Access Token Manipulation
Exploitation for Privilege Escalation
Malicious File
Masquerade Task or Service
Spearphishing via Service
PowerShell
Archive Collected Data
Code Signing
Remote Desktop Protocol
Automated Collection
Remote System Discovery
Scheduled Task
Service Execution
Network Service Discovery
Exfiltration Over Unencrypted Non-C2 Protocol
Windows Management Instrumentation
Password Cracking
Credentials from Password Stores
Non-Application Layer Protocol
Valid Accounts
Asymmetric Cryptography
LSASS Memory
Credentials from Web Browsers
Remote Data Staging