
CHRYSENE

APT Group
Information theft and espionage
45 zero-day CVEs
ETDA ✓

Also Known As (15 names)

APT34, Cobalt Gypsy, EUROPIUM, Greenbug, Hazel Sandstorm, OilRig, Twisted Kitten, Crambus, Helix Kitten, IRN2, ATK40, G0049, Evasive Serpens, TA452, Earth Simnavaz

Target Countries (23)


United Arab Emirates, Albania, Azerbaijan, Bahrain, China, Czech Republic, Germany, Egypt, United Kingdom, Israel, Iraq, Islamic Republic of Iran, Jordan, Kuwait, Lebanon, Mauritius, Oman, Pakistan, Qatar, Saudi Arabia, Turkey, United States, Uruguay

Details

Origin: IR (Iran)
Last Updated: 29 Dec 2025

Malware Families (30)

leash
redcap
csext
google_drive_rat
zhmimikatz
js.ether_rat
nautilus
unidentified_095
dustman
neuron
STEALHOOK
mediapi
pickpocket
jason
disttrack
saitama
valuevault
little_looter
longwatch
spynote
jasus
twoface
alma_communicator
kagent
telegram_grabber
karkoff
tonedeaf
ismagent
syskit
ismdoor

MITRE ATT&CK (275)

T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1003.001 - LSASS Memory
T1003.004
T1003.005
T1005 - Data from Local System
T1007 - System Service Discovery
T1008
T1009 - Binary Padding
T1010 - Application Window Discovery
T1011
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1016.001
T1016.002
T1018 - Remote System Discovery
T1020
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.004 - SSH
T1021.006 - Windows Remote Management
T1025 - Data from Removable Media
T1027 - Obfuscated Files or Information
T1027.001 - Binary Padding
T1027.002 - Software Packing
T1027.005
T1027.010
T1027.013
T1030
T1031 - Modify Existing Service
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004
T1036.005 - Match Legitimate Name or Location
T1036.010
T1040
T1041 - Exfiltration Over C2 Channel
T1045 - Software Packing
T1046 - Network Service Scanning
T1047
T1048 - Exfiltration Over Alternative Protocol
T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol
T1048.003
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.003 - Cron
T1053.005
T1055 - Process Injection
T1055.012
T1056 - Input Capture
T1056.001 - Keylogging
T1056.004 - Credential API Hooking
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.005
T1059.006 - Python
T1059.007 - JavaScript
T1060 - Registry Run Keys / Startup Folder
T1063 - Security Software Discovery
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1069.001
T1069.002
T1070 - Indicator Removal on Host
T1070.001
T1070.003
T1070.004 - File Deletion
T1070.006 - Timestomp
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1074 - Data Staged
T1074.001
T1078 - Valid Accounts
T1078.001
T1078.002
T1078.003
T1078.004 - Cloud Accounts
T1080
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087 - Account Discovery
T1087.001
T1087.002
T1087.003
T1090 - Proxy
T1090.001 - Internal Proxy
T1090.004 - Domain Fronting
T1095 - Non-Application Layer Protocol
T1098
T1098.002
T1098.007
T1102 - Web Service
T1102.001 - Dead Drop Resolver
T1102.002
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1110.003 - Password Spraying
T1111
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1114.001
T1114.002
T1115 - Clipboard Data
T1119
T1120
T1123
T1124
T1125 - Video Capture
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1130
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1136
T1136.001
T1137
T1137.004
T1140 - Deobfuscate/Decode Files or Information
T1155 - AppleScript
T1162 - Login Item
T1170
T1176 - Browser Extensions
T1185 - Man in the Browser
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1192 - Spearphishing Link
T1194 - Spearphishing via Service
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1201
T1202
T1203
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1210 - Exploitation of Remote Services
T1213 - Data from Information Repositories
T1217
T1218 - Signed Binary Proxy Execution
T1218.001
T1218.007 - Msiexec
T1218.011
T1219 - Remote Access Software
T1410 - Network Traffic Capture or Redirection
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1454 - Malicious SMS Message
T1457 - Malicious Media Content
T1480 - Execution Guardrails
T1482
T1483 - Domain Generation Algorithms
T1485
T1486
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1495
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.001
T1497.003
T1498 - Network Denial of Service
T1503
T1505 - Server Software Component
T1505.003 - Web Shell
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1520 - Domain Generation Algorithms
T1529
T1530
T1531
T1534
T1539
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1547.004
T1547.008 - LSASS Driver
T1548
T1550
T1552 - Unsecured Credentials
T1552.001
T1553 - Subvert Trust Controls
T1553.002
T1554
T1555 - Credentials from Password Stores
T1555.003
T1555.004
T1556
T1556.002
T1557
T1557.002
T1559 - Inter-Process Communication
T1560
T1560.001
T1561
T1562
T1562.001
T1562.002
T1562.004
T1564 - Hide Artifacts
T1564.003 - Hidden Window
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1566.003
T1567 - Exfiltration Over Web Service
T1568 - Dynamic Resolution
T1568.002 - Domain Generation Algorithms
T1569 - System Services
T1569.002 - Service Execution
T1570
T1571
T1572
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.002 - DLL Side-Loading
T1574.008 - Path Interception by Search Order Hijacking
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1583.005 - Botnet
T1583.006 - Web Services
T1584 - Compromise Infrastructure
T1584.001
T1584.004
T1585 - Establish Accounts
T1585.001 - Social Media Accounts
T1585.002
T1585.003
T1586 - Compromise Accounts
T1586.002 - Email Accounts
T1587 - Develop Capabilities
T1587.001
T1588 - Obtain Capabilities
T1588.002
T1588.003
T1589 - Gather Victim Identity Information
T1589.001
T1589.002 - Email Addresses
T1590 - Gather Victim Network Information
T1590.002 - DNS
T1590.005
T1591 - Gather Victim Org Information
T1591.001
T1592 - Gather Victim Host Information
T1592.002
T1593.002 - Search Engines
T1595 - Active Scanning
T1595.002 - Vulnerability Scanning
T1598
T1598.002 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1686
T1686.003
TA0003
TA0011
TA0037 - Command and Control