System Network Configuration Discovery
Upload Malware
Web Services
Windows Management Instrumentation
Symmetric Cryptography
Search Open Websites/Domains
Malicious Link
Network Service Discovery
Deobfuscate/Decode Files or Information
System Network Connections Discovery
Visual Basic
IDE Tunneling
Exfiltration to Cloud Storage
Scheduled Task
Domain Account
Spearphishing Link
Delay Execution
Hidden Files and Directories
Mshta
Dynamic API Resolution
Email Accounts
Remote Desktop Software
OS Credential Dumping
DCSync
InstallUtil
Email Accounts
Archive via Utility
Indicator Removal
Web Protocols
Remote System Discovery
Domain Groups
Protocol or Service Impersonation
Exfiltration Over Unencrypted Non-C2 Protocol
Spearphishing Link
Exfiltration Over C2 Channel
Software Deployment Tools
Adversary-in-the-Middle
Web Shell
IDE Extensions
Code Signing Certificates
Replication Through Removable Media
Windows Command Shell
Exfiltration over USB
LSASS Memory
Tool
Digital Certificates
Archive via Custom Method
File Deletion
Shared Modules
Process Discovery
System Information Discovery
Non-Application Layer Protocol
Exploitation for Client Execution
Executable Installer File Permissions Weakness
Stage Capabilities
Debugger Evasion
Spearphishing Attachment
Log Enumeration
File and Directory Discovery
Software Discovery
Domains
DLL
Windows Management Instrumentation Event Subscription
Native API
NTDS
Command and Scripting Interpreter
Code Signing
Obfuscated Files or Information
Registry Run Keys / Startup Folder
Automated Collection
Ingress Tool Transfer
Local Data Staging
JavaScript
PowerShell
Junk Code Insertion
Timestomp
Malicious File
Protocol Tunneling
Masquerade File Type
Double File Extension
Web Service
Traffic Signaling
Match Legitimate Resource Name or Location
Malware
LNK Icon Smuggling