UNC6040
APT Group
3 zero-day CVEs
Also Known As
No alias recorded
Target Countries 2
Australia
United States
Details
Origin
Unknown
Last Updated
15 Sep 2025
MITRE ATT&CK 41
T1020 - Automated Exfiltration
T1021 - Remote Services
T1021.002
T1036.005
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1056 - Input Capture
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1071.001
T1078 - Valid Accounts
T1090 - Proxy
T1102 - Web Service
T1114 - Email Collection
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1204 - User Execution
T1213 - Data from Information Repositories
T1528 - Steal Application Access Token
T1530 - Data from Cloud Storage Object
T1534 - Internal Spearphishing
T1539 - Steal Web Session Cookie
T1550 - Use Alternate Authentication Material
T1552 - Unsecured Credentials
T1555 - Credentials from Password Stores
T1557 - Man-in-the-Middle
T1558 - Steal or Forge Kerberos Tickets
T1566 - Phishing
T1566.002 - Spearphishing Link
T1566.003 - Spearphishing via Service
T1567 - Exfiltration Over Web Service
T1583.001 - Domains
T1584 - Compromise Infrastructure
T1585 - Establish Accounts
T1586 - Compromise Accounts
T1587 - Develop Capabilities
T1588 - Obtain Capabilities
T1589 - Gather Victim Identity Information
T1590 - Gather Victim Network Information
T1592 - Gather Victim Host Information