Threat Actor Profile

FIN7

ATK32, Calcium, Carbanak, CARBON SPIDER, Coreid, ELBRUS, G0008, G0046, GOLD NIAGARA, ITG14, JokerStash, Sangria Tempest
▲ High Threat
Groups targeting financial organizations or people with significant financial assets.
Origin: Russia
Motivation: Financial Theft, Cybercrime

Known TTPs

Malicious Link
Code Signing
Valid Accounts
Command and Scripting Interpreter
SSH
Exploit Public-Facing Application
Junk Code Insertion
Link Target
System Owner/User Discovery
Scheduled Task
VNC
Match Legitimate Resource Name or Location
Hidden Window
Spearphishing Link
Masquerade Task or Service
Rundll32
Windows Management Instrumentation
Reflective Code Loading
Visual Basic
Remote Access Tools
Hidden Files and Directories
PowerShell
Protocol Tunneling
Application Shimming
Dynamic Data Exchange
Domain Groups
Remote Desktop Protocol
Input Injection
Data Encrypted for Impact
Tool
Gather Victim Org Information
Service Execution
Web Services
User Activity Based Checks
JavaScript
Registry Run Keys / Startup Folder
Drive-by Target
Disable or Modify System Firewall
System Information Discovery
Video Capture
Non-Standard Port
Deobfuscate/Decode Files or Information
Command Obfuscation
Domain Account
Malicious File
Process Discovery
Mshta
Bidirectional Communication
Ingress Tool Transfer
Local Accounts
Identify Roles
System Time Discovery
Domains
Data from Local System
Windows Service
Replication Through Removable Media
DNS
Windows Command Shell
Spearphishing Attachment
Upload Malware
Fallback Channels
Kerberoasting
Compromise Software Supply Chain
Screen Capture
Exfiltration to Cloud Storage
Exploitation of Remote Services
Malware

Related Intelligence

Hacking the mainframe…
