🇮🇱
Caramel Tsunami
APT Group
Also Known As 2 names
Candiru
SOURGUM
Target Countries 2
Germany
Israel
Sectors Targeted
Details
Origin
🇮🇱 IL
Last Updated
03 Feb 2024
MITRE ATT&CK 22
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1027 - Obfuscated Files or Information
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1083 - File and Directory Discovery
T1113 - Screen Capture
T1115 - Clipboard Data
T1123 - Audio Capture
T1140 - Deobfuscate/Decode Files or Information
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1499
T1547 - Boot or Logon Autostart Execution
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1566 - Phishing
T1566.001