Obfuscated Files or Information
Hidden Files and Directories
Web Service
Local Email Collection
Data from Network Shared Drive
Taint Shared Content
Malicious File
Data from Local System
Automated Collection
File and Directory Discovery
Windows Command Shell
PowerShell
Match Legitimate Resource Name or Location
Spearphishing Attachment
Visual Basic
Archive via Utility
Symmetric Cryptography
Web Protocols
Email Account
Malware
Local Account
GUI Input Capture
System Information Discovery
Malicious Link
Asymmetric Cryptography
Scheduled Task
Automated Exfiltration
Trusted Relationship
Transfer Data to Cloud Account
Indirect Command Execution
Credentials In Files
Rundll32
Domain Account
Spearphishing Link
Credentials in Registry
File Deletion
Registry Run Keys / Startup Folder
Credentials from Web Browsers
Python
LSASS Memory
Network Service Discovery