MirrorFace

T1003 - OS Credential Dumping T1003.001 T1003.002 T1003.003 T1005 T1007 T1016 T1018 T1021 T1021.001 T1021.002 - SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.001 T1027.013 T1033 T1036 - Masquerading T1036.005 T1036.007 T1036.008 T1039 - Data from Network Shared Drive T1047 - Windows Management Instrumentation T1048 T1048.002 T1049 T1052.001 T1053 - Scheduled Task/Job T1053.005 - Scheduled Task T1055 - Process Injection T1057 T1059 T1059.001 T1059.003 T1059.005 - Visual Basic T1070 T1070.001 - Clear Windows Event Logs T1070.004 - File Deletion T1070.006 - Timestomp T1071 T1071.001 T1071.002 T1071.004 - DNS T1074 T1074.001 T1074.002 T1078 T1082 T1083 - File and Directory Discovery T1087 - Account Discovery T1087.002 T1090 T1091 T1102 - Web Service T1104 - Multi-Stage Channels T1105 T1112 - Modify Registry T1113 - Screen Capture T1114 T1114.001 T1119 T1127 T1127.001 - MSBuild T1132 - Data Encoding T1133 - External Remote Services T1134.002 - Create Process with Token T1137 T1137.001 T1140 - Deobfuscate/Decode Files or Information T1190 T1203 T1204 - User Execution T1204.001 T1204.002 T1217 T1218.004 T1218.005 T1219 T1219.001 T1221 T1482 T1518 T1543.003 - Windows Service T1546.003 T1547 - Boot or Logon Autostart Execution T1547.001 T1553 T1553.002 T1556 T1556.002 T1560 T1560.001 - Archive via Utility T1560.003 T1562.001 - Disable or Modify Tools T1562.004 - Disable or Modify System Firewall T1564 - Hide Artifacts T1564.001 T1566 - Phishing T1566.001 T1566.002 T1568 - Dynamic Resolution T1568.002 - Domain Generation Algorithms T1573.001 T1573.002 - Asymmetric Cryptography T1574 T1574.001 T1574.002 T1583.001 T1585 T1585.002 T1585.003 T1586 T1586.002 T1587 T1587.001 T1588 T1588.002 T1591 T1608 T1608.001 T1608.005 T1614 T1614.001 T1684 T1684.001 T1685 T1685.005 T1686 T1686.003