🇷🇺
ExCobalt
APT Group
2 zero-day CVEs
Also Known As
No alias recorded
Target Countries
No target country recorded
Sectors Targeted
No targeted sector recorded
Details
Origin
🇷🇺 RU
Last Updated
03 Apr 2025
MITRE ATT&CK 54
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1039 - Data from Network Shared Drive
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1059 - Command and Scripting Interpreter
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1127 - Trusted Developer Utilities Proxy Execution
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1213 - Data from Information Repositories
T1218 - Signed Binary Proxy Execution
T1482 - Domain Trust Discovery
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
T1518 - Software Discovery
T1530 - Data from Cloud Storage Object
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys
T1560 - Archive Collected Data
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1567 - Exfiltration Over Web Service
T1569 - System Services
T1570 - Lateral Tool Transfer
T1572 - Protocol Tunneling