sicarii

T1078Valid Accounts

T1189Drive-by Compromise

T1190Exploit Public-Facing Application

T1566Phishing

T1566.001Phishing: Spearphishing Attachment

T1566.002Phishing: Spearphishing Link

T1566.003Phishing: Spearphishing Voice

T1047Windows Management Instrumentation

T1053.005Scheduled Task/Job: Scheduled Task

T1059Command and Scripting Interpreter

T1059.001Command and Scripting Interpreter: PowerShell

T1059.003Command and Scripting Interpreter: Windows Command Shell

T1059.005Command and Scripting Interpreter: Visual Basic

T1106Native API

T1129Shared Modules

T1203Exploitation for Client Execution

T1204User Execution

T1204.001User Execution: Malicious Link

T1204.002User Execution: Malicious File

T1098Account Manipulation

T1505.004Server Software Component: IIS Components

T1542.003Pre-OS Boot: Bootkit

T1543.003Create or Modify System Process: Windows Service

T1547.001Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

T1547.009Boot or Logon Autostart Execution: Shortcut Modification

T1574.001Hijack Execution Flow: DLL Search Order Hijacking

T1068Exploitation for Privilege Escalation

T1134Access Token Manipulation

T1134.002Access Token Manipulation: Create Process with Token

T1543Create or Modify System Process

T1027Obfuscated Files or Information

T1027.002Obfuscated Files or Information: Software Packing

T1027.005Obfuscated Files or Information: Indicator Removal from Tools

T1027.007Obfuscated Files or Information: Dynamic API Resolution

T1027.009Obfuscated Files or Information: Embedded Payloads

T1027.013Obfuscated Files or Information: Encrypted/Encoded File

T1036Masquerading

T1036.003Masquerading: Rename Legitimate Utilities

T1036.004Masquerading: Masquerade Task or Service

T1036.005Masquerading: Match Legitimate Name or Location

T1036.008Masquerading: Masquerade File Type

T1055.001Process Injection: DLL Injection

T1070Indicator Removal

T1070.003Indicator Removal: Clear Command History

T1070.004Indicator Removal: File Deletion

T1070.006Indicator Removal: Timestomp

T1140Deobfuscate/Decode Files or Information

T1202Indirect Command Execution

T1218System Binary Proxy Execution

T1218.005System Binary Proxy Execution: Mshta

T1218.010System Binary Proxy Execution: Regsvr32

T1218.011System Binary Proxy Execution: Rundll32

T1220XSL Script Processing

T1221Template Injection

T1222File and Directory Permissions Modification

T1497.001Virtualization/Sandbox Evasion: System Checks

T1497.003Virtualization/Sandbox Evasion: Time Based Checks

T1548Abuse Elevation Control Mechanism

T1553.002Subvert Trust Controls: Code Signing

T1562Impair Defenses

T1562.001Impair Defenses: Disable or Modify Tools

T1562.004Impair Defenses: Disable or Modify System Firewall

T1564.001Hidden Artifacts: Hidden Files and Directories

T1574.013Hijack Execution Flow: KernelCallbackTable

T1620Reflective DLL Injection

T1622Debugger Evasion

T1003OS Credential Dumping

T1056Input Capture

T1056.001Input Capture: Keylogging

T1110.003Brute Force: Password Spraying

T1539Steal Web Session Cookie

T1552Unsecured Credentials

T1552.001Unsecured Credentials: Credentials In Files

T1557.001Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning

T1007System Service Discovery

T1010Application Window Discovery

T1012Query Registry

T1016System Network Configuration Discovery

T1033System Owner/User Discovery

T1046Network Service Discovery

T1049System Network Connections Discovery

T1057Process Discovery

T1082System Information Discovery

T1083File and Directory Discovery

T1087Account Discovery

T1087.002Account Discovery: Domain Account

T1124Time Discovery

T1135Network Share Discovery

T1518Software Discovery

T1614System Location Discovery

T1614.001System Location Discovery: System Language Discovery

T1021.001Remote Services: Remote Desktop Protocol

T1021.002Remote Services: SMB/Windows Admin Shares

T1021.004Remote Services: SSH

T1534Internal Spearphishing

T1005Data from Local System

T1074Data Staged

T1074.001Data Staged: Local Data Staging

T1114Email Collection

T1560Archive Collected Data

T1560.001Archive Collected Data: Archive via Utility

T1560.002Archive Collected Data: Archive via Library

T1560.003Archive Collected Data: Archive via Custom Method

T1041Exfiltration Over C2 Channel

T1048.003Exfiltration Over Alternative Protocol: Unencrypted Non-C2 Protocol

T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage

T1001.003Data Obfuscation: Protocol or Service Impersonation

T1008Fallback Channels

T1071Application Layer Protocol

T1071.001Application Layer Protocol: Web Protocols

T1090.001Proxy: Internal Proxy

T1090.002Proxy: External Proxy

T1102.002Web Service: Bidirectional Communication

T1104Multi-Stage Channels

T1105Ingress Tool Transfer

T1132.001Data Encoding: Standard Encoding

T1571Non-Standard Port

T1573Encrypted Channel

T1573.001Encrypted Channel: Symmetric Cryptography

T1485Data Destruction

T1486Data Encrypted for Impact

T1489Service Stop

T1490Inhibit System Recovery

T1491.001Defacement: Internal Defacement

T1529System Shutdown/Reboot

T1561Disk Wipe

T1561.001Disk Wipe: Disk Content Wipe

T1561.002Disk Wipe: Disk Structure Wipe

T1583.001Acquire Infrastructure: Domains

T1583.004Acquire Infrastructure: Server

T1583.006Acquire Infrastructure: Web Services

T1584.001Compromise Infrastructure: Domains

T1584.004Compromise Infrastructure: Server

T1585.001Establish Accounts: Social Media Accounts

T1585.002Establish Accounts: Email Accounts

T1587.001Develop Capabilities: Malware

T1587.002Develop Capabilities: Code Signing Certificates

T1588.002Obtain Capabilities: Tool

T1588.003Obtain Capabilities: Code Signing Certificates

T1588.004Obtain Capabilities: Digital Certificates

T1608.001Stage Capabilities: Upload Malware

T1608.002Stage Capabilities: Upload Tool

T1589.002Gather Victim Identity Information: Email Addresses

T1591Gather Victim Org Information

T1591.004Gather Victim Org Information: Identify Roles

T1593.001Search Open Websites/Domains: Social Media