🇨🇳
Operation Cobalt Whisper
APT Group
Financial crime
14 zero-day CVEs
ETDA ✓
Also Known As
No alias recorded
Target Countries
No target country recorded
Sectors Targeted
No targeted sector recorded
Details
Origin
🇨🇳 CN
Last Updated
13 Apr 2026
MITRE ATT&CK 138
T1003 - OS Credential Dumping
T1003.001 - LSASS Memory
T1005 - Data from Local System
T1007 - System Service Discovery
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1021.001
T1027 - Obfuscated Files or Information
T1027.010
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1037
T1037.001
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005
T1055 - Process Injection
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.005 - Visual Basic
T1059.006 - Python
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1070.006 - Timestomp
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004
T1074 - Data Staged
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1115 - Clipboard Data
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1136 - Create Account
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1195.001 - Compromise Software Dependencies and Development Tools
T1195.002
T1199 - Trusted Relationship
T1203
T1204 - User Execution
T1204.001
T1204.002 - Malicious File
T1218 - Signed Binary Proxy Execution
T1218.003
T1218.008
T1218.010
T1219
T1220
T1221 - Template Injection
T1222 - File and Directory Permissions Modification
T1480 - Execution Guardrails
T1482 - Domain Trust Discovery
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1505 - Server Software Component
T1505.003 - Web Shell
T1518 - Software Discovery
T1518.001
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1543 - Create or Modify System Process
T1543.003
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548
T1548.002
T1554 - Compromise Client Software Binary
T1555 - Credentials from Password Stores
T1559 - Inter-Process Communication
T1559.002
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1563 - Remote Service Session Hijacking
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002
T1567 - Exfiltration Over Web Service
T1569 - System Services
T1569.002 - Service Execution
T1570 - Lateral Tool Transfer
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1586 - Compromise Accounts
T1586.002 - Email Accounts
T1587 - Develop Capabilities
T1588
T1588.002
T1590 - Gather Victim Network Information
T1595 - Active Scanning
T1595.002 - Vulnerability Scanning
T1601 - Modify System Image
T1610 - Deploy Container
T1614 - System Location Discovery