🇨🇳

UNC6395

APT Group 1 zero-day CVE

Also Known As

No alias recorded

Target Countries 1

United States

Details

Origin 🇨🇳 CN
Last Updated 29 Aug 2025

MITRE ATT&CK 22

T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1070 - Indicator Removal on Host
T1078 - Valid Accounts
T1090 - Proxy
T1102 - Web Service
T1134 - Access Token Manipulation
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1213 - Data from Information Repositories
T1526 - Cloud Service Discovery
T1528 - Steal Application Access Token
T1530 - Data from Cloud Storage Object
T1552 - Unsecured Credentials
T1566.002 - Spearphishing Link
T1567 - Exfiltration Over Web Service
T1569 - System Services
T1585 - Establish Accounts
T1589 - Gather Victim Identity Information

Related Zero-Days 1