Code Signing Certificates
Windows Credential Manager
System Information Discovery
LSASS Memory
Fallback Channels
Web Protocols
Data from Local System
Windows Host Firewall
Windows Command Shell
Remote Desktop Protocol
Web Shell
Malware
Upload Malware
Masquerading
Remote Access Tools
Compiled HTML File
Network Service Discovery
Local Account
Outlook Home Page
Domain Groups
Screen Capture
Data from Removable Media
System Service Discovery
Password Filter DLL
PowerShell
File Deletion
Tool
Malicious File
External Remote Services
Domain Accounts
Password Policy Discovery
Email Accounts
Domain Account
LSA Secrets
Deobfuscate/Decode Files or Information
Code Signing
Exfiltration Over Unencrypted Non-C2 Protocol
Brute Force
Visual Basic
Spearphishing Link
Modify Registry
Peripheral Device Discovery
DNS
Ingress Tool Transfer
System Network Connections Discovery
Windows Service
Supply Chain Compromise
Malicious Link
Valid Accounts
Asymmetric Cryptography
Spearphishing Attachment
Scheduled Task
Automated Collection
Domains
Keylogging
Match Legitimate Resource Name or Location
System Owner/User Discovery
Spearphishing via Service
Protocol Tunneling
Windows Management Instrumentation
SSH
Credentials from Password Stores
Clipboard Data
Cached Domain Credentials
Encrypted/Encoded File
Local Groups
Credentials In Files
Process Discovery
Credentials from Web Browsers
System Network Configuration Discovery
Exploitation for Client Execution
Query Registry
Command and Scripting Interpreter
System Checks
Exploitation for Privilege Escalation
Indicator Removal from Tools