Links

TTPs

  • T1547 - Boot or Logon Autostart Execution
  • T1027 - Obfuscated Files or Information
  • T1016 - System Network Configuration Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1003 - OS Credential Dumping
  • T1018 - Remote System Discovery
  • T1021 - Remote Services
  • T1047 - Windows Management Instrumentation
  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1087 - Account Discovery
  • T1204 - User Execution
  • T1218 - Signed Binary Proxy Execution
  • T1482 - Domain Trust Discovery
  • T1486 - Data Encrypted for Impact
  • T1518 - Software Discovery
  • T1614 - System Location Discovery