🇷🇺

Bitwise Spider

APT Group | Financial gain | 23 zero-day CVEs | ETDA ✓

Also Known As

No alias recorded

Target Countries 7

Brazil, Canada, France, United Kingdom, India, Japan, United States

Details

Origin: 🇷🇺 RU
Last Updated: 13 Apr 2026

MITRE ATT&CK 207

T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1003.001 - LSASS Memory
T1003.006 - DCSync
T1005 - Data from Local System
T1007 - System Service Discovery
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.006 - Windows Remote Management
T1027 - Obfuscated Files or Information
T1029 - Scheduled Transfer
T1030 - Data Transfer Size Limits
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1036.004 - Masquerade Task or Service
T1036.005 - Match Legitimate Name or Location
T1037 - Boot or Logon Initialization Scripts
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1045 - Software Packing
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.003 - Cron
T1053.005 - Scheduled Task
T1055 - Process Injection
T1055.002 - Portable Executable Injection
T1055.012 - Process Hollowing
T1056 - Input Capture
T1056.001 - Keylogging
T1056.002 - GUI Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.002 - AppleScript
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.005 - Visual Basic
T1059.006 - Python
T1059.007 - JavaScript
T1060 - Registry Run Keys / Startup Folder
T1063 - Security Software Discovery
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1070 - Indicator Removal on Host
T1070.001 - Clear Windows Event Logs
T1070.004 - Indicator Removal
T1070.006 - Timestomp
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.002 - File Transfer Protocols
T1071.004 - DNS
T1072 - Software Deployment Tools
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1078.003 - Local Accounts
T1081 - Credentials in Files
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1087.002 - Domain Account
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1110.001 - Password Guessing
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1119 - Automated Collection
T1123 - Audio Capture
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1136 - Create Account
T1136.001 - Local Account
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1155 - AppleScript
T1176 - Browser Extensions
T1185 - Man in the Browser
T1187 - Forced Authentication
T1189 - Drive-by Compromise
T1190 - Exploit Public Facing Application
T1192 - Spearphishing Link
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1202 - Indirect Command Execution
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1210 - Exploitation of Remote Services
T1212 - Exploitation for Credential Access
T1213 - Data from Information Repositories
T1218 - Signed Binary Proxy Execution
T1218.005 - Mshta
T1218.011 - Rundll32
T1219 - Remote Access Software
T1222 - File and Directory Permissions Modification
T1407 - Download New Code at Runtime
T1418 - Application Discovery
T1420 - File and Directory Discovery
T1444 - Masquerade as Legitimate Application
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1476 - Deliver Malicious App via Other Means
T1480.001 - Execution Guardrails
T1482 - Domain Trust Discovery
T1484 - Domain Policy Modification
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1491.001 - Defacement
T1495 - Firmware Corruption
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1497.002 - User Activity Based Checks
T1498 - Network Denial of Service
T1499 - Endpoint Denial of Service
T1505 - Server Software Component
T1505.001 - SQL Stored Procedures
T1505.003 - Web Shell
T1518 - Software Discovery
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1537 - Transfer Data to Cloud Account
T1539 - Steal Web Session Cookie
T1542 - Pre-OS Boot
T1543 - Create or Modify System Process
T1543.001 - Launch Agent
T1543.003 - Windows Service
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548 - Abuse Elevation Control Mechanism
T1550 - Use Alternate Authentication Material
T1550.002 - Pass the Hash
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1553 - Subvert Trust Controls
T1555 - Credentials from Password Stores
T1556 - Modify Authentication Process
T1557 - Man-in-the-Middle
T1559 - Inter-Process Communication
T1560 - Archive Collected Data
T1560.001 - Archive via Utility
T1561 - Disk Wipe
T1561.002 - Disk Structure Wipe
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1562.003 - Impair Command History Logging
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1569 - System Services
T1569.002 - Service Execution
T1570 - Lateral Tool Transfer
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1583.005 - Botnet
T1583.006 - Web Services
T1587 - Develop Capabilities
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.001 - Malware
T1588.002 - Tool
T1588.005 - Exploits
T1589 - Gather Victim Identity Information
T1589.001 - Credentials
T1590 - Gather Victim Network Information
T1590.005 - IP Addresses
T1592 - Gather Victim Host Information
T1595 - Active Scanning
T1595.002 - Vulnerability Scanning
T1598 - Phishing for Information
T1600 - Weaken Encryption
T1601 - Modify System Image
T1608 - Stage Capabilities
T1611 - Escape to Host
TA0011 - Command and Control