WageMole

Type: APT Group (ETDA-listed)

Also Known As (7 names)

Famous Chollima, Nickel Tapestry, PurpleBravo, Storm-1877, UNC5267, Void Dokkaebi, WaterPlum

Target Countries (2)

United Kingdom, United States

Details

Origin 🇰🇵 KP
Last Updated 02 Jan 2026

Malware Families (4)

js.jadesnow
forest_tiger
js.ottercandy
rekoobew

MITRE ATT&CK (153 techniques)

T1003 - OS Credential Dumping
T1005 - Data from Local System
T1008 - Fallback Channels
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.003 - Steganography
T1027.010 - Command Obfuscation
T1027.013 - Encrypted/Encoded File
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004 - Masquerade Task or Service
T1036.005 - Match Legitimate Name or Location
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1056.004 - Credential API Hooking
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.005 - Visual Basic
T1059.006 - Python
T1059.007 - JavaScript
T1070 - Indicator Removal on Host
T1070.003 - Clear Command History
T1070.004 - File Deletion
T1070.006 - Timestomp
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.003 - Mail Protocols
T1071.004 - DNS
T1072 - Software Deployment Tools
T1074 - Data Staged
T1074.001 - Local Data Staging
T1078 - Valid Accounts
T1078.001 - Default Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1102 - Web Service
T1102.001 - Dead Drop Resolver
T1102.002 - Bidirectional Communication
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1113 - Screen Capture
T1114 - Email Collection
T1115 - Clipboard Data
T1119 - Automated Collection
T1123 - Audio Capture
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1187 - Forced Authentication
T1190 - Exploit Public-Facing Application
T1193 - Spearphishing Attachment (revoked ID; now T1566.001)
T1194 - Spearphishing via Service (revoked ID; now T1566.003)
T1195 - Supply Chain Compromise
T1195.001 - Compromise Software Dependencies and Development Tools
T1195.002 - Compromise Software Supply Chain
T1199 - Trusted Relationship
T1202 - Indirect Command Execution
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1204.004 - Malicious Copy and Paste
T1204.005 - Malicious Library
T1217 - Browser Bookmark Discovery
T1219 - Remote Access Software
T1219.002 - Remote Desktop Software
T1480 - Execution Guardrails
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1518 - Software Discovery
T1528 - Steal Application Access Token
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1543 - Create or Modify System Process
T1543.001 - Launch Agent
T1546 - Event Triggered Execution
T1546.001 - Change Default File Association
T1546.004 - Unix Shell Configuration Modification
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1547.009 - Shortcut Modification
T1547.013 - XDG Autostart Entries
T1548 - Abuse Elevation Control Mechanism
T1550 - Use Alternate Authentication Material
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1555.001 - Keychain
T1555.003 - Credentials from Web Browsers
T1557 - Man-in-the-Middle
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1566.003 - Spearphishing via Service
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration to Cloud Storage
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1583.006 - Web Services
T1584 - Compromise Infrastructure
T1585 - Establish Accounts
T1585.001 - Social Media Accounts
T1585.002 - Email Accounts
T1586 - Compromise Accounts
T1587 - Develop Capabilities
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.002 - Tool
T1588.007 - Artificial Intelligence
T1589 - Gather Victim Identity Information
T1590 - Gather Victim Network Information
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1593.003 - Code Repositories
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1656 - Impersonation
T1657 - Financial Theft
T1681
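A practitioner usually wants a list like the one above in ATT&CK Navigator rather than on a card. The script below is an added example, not code from the card's publisher or from the Navigator project: it extracts technique IDs from lines in the card's "ID - Name" format, deduplicates them, maps the revoked T1193/T1194 entries to their T1566 replacements so the layer does not carry stale IDs, and emits a Navigator layer JSON document. The technique lines embedded in it are a constructed excerpt of this card, not the full list of 153, and the ATT&CK and Navigator version strings are assumptions to set for your own Navigator instance.

```python
"""Turn a threat-actor card's "ID - Name" technique list into an ATT&CK Navigator layer.

Added example; not code from the card's publisher or from ATT&CK Navigator.
"""
import json
import re

# Constructed excerpt of this card's technique lines (not the full list of 153).
CARD_EXCERPT = """T1003 - OS Credential Dumping T1027.010 T1059.001 - PowerShell
T1193 - Spearphishing Attachment T1566.001 - Spearphishing Attachment
T1003 - OS Credential Dumping T1657 - Financial Theft"""

# Technique (T1234) or sub-technique (T1234.001) identifier.
TECHNIQUE_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

# IDs revoked in ATT&CK v7 that older cards still carry, and their replacements.
REVOKED = {"T1193": "T1566.001", "T1194": "T1566.003"}


def parse_technique_ids(text):
    """Return the technique IDs found in text, deduplicated, in order of first appearance."""
    ids = []
    for tid in TECHNIQUE_ID.findall(text):
        if tid not in ids:
            ids.append(tid)
    return ids


def normalize_ids(ids):
    """Replace revoked IDs; return (normalized ids, {old: new} for every remapped ID)."""
    normalized, remapped = [], {}
    for tid in ids:
        current = REVOKED.get(tid, tid)
        if current != tid:
            remapped[tid] = current
        if current not in normalized:  # the replacement may already be listed
            normalized.append(current)
    return normalized, remapped


def build_layer(ids, name, attack_version="16", navigator_version="5.1.0"):
    """Build a Navigator layer dict that scores every listed technique 1.

    The version strings are assumptions; set them to match your Navigator instance.
    """
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"attack": attack_version, "navigator": navigator_version, "layer": "4.5"},
        "description": f"{len(ids)} techniques taken from the actor card",
        "techniques": [
            {"techniqueID": tid, "score": 1, "comment": "listed on actor card"}
            for tid in ids
        ],
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1},
    }


def layer_from_card(text, name):
    """Parse a card's technique text and return (layer dict, remapped ids)."""
    ids, remapped = normalize_ids(parse_technique_ids(text))
    return build_layer(ids, name), remapped


if __name__ == "__main__":
    layer, remapped = layer_from_card(CARD_EXCERPT, "WageMole (card excerpt)")
    for old, new in remapped.items():
        print(f"note: {old} is revoked, mapped to {new}")
    print(json.dumps(layer, indent=2))
```

Paste the full technique block from the card in place of the excerpt and load the printed JSON through Navigator's "Open Existing Layer" to get the actor's coverage heat map; the remap notes tell you which card entries were stale.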

Related Zero-Days

No zero-day CVE linked to this actor