Spearphishing Link
Office Template Macros
DLL
Tool
Mshta
Malicious Copy and Paste
Windows Management Instrumentation
Internal Spearphishing
LSA Secrets
Spearphishing Attachment
Domains
Network Topology
Component Object Model
Non-Standard Port
Windows Command Shell
Malware
CMSTP
Match Legitimate Resource Name or Location
Domain Account
JavaScript
Web Services
Visual Basic
System Network Configuration Discovery
Registry Run Keys / Startup Folder
Deobfuscate/Decode Files or Information
Dynamic Data Exchange
Command Obfuscation
Compile After Delivery
Security Software Discovery
Local Data Staging
Screen Capture
Web Protocols
Disable or Modify Tools
Software Discovery
File and Directory Discovery
Bypass User Account Control
Ingress Tool Transfer
Symmetric Cryptography
Exfiltration to Cloud Storage
Credentials from Web Browsers
Phishing
Archive via Utility
Impersonation
Python
System Network Connections Discovery
System Information Discovery
Credentials from Password Stores
Process Discovery
Standard Encoding
Multi-Stage Channels
Proxy
Malicious Link
Steganography
LSASS Memory
Scheduled Task
External Proxy
Malicious File
System Owner/User Discovery
Remote Desktop Software
Exfiltration Over C2 Channel
PowerShell
Bidirectional Communication
Rundll32
Credentials In Files
Exploit Public-Facing Application
Exploitation of Remote Services
Exploitation for Client Execution
Cached Domain Credentials