LUNAR SPIDER

Type: APT Group
Zero-day CVEs: 3
ETDA: ✓

Also Known As (1 name)

GOLD SWATHMORE

Target Countries

No target country recorded

Details

Origin: 🇷🇺 RU
Last Updated: 01 Jun 2022

MITRE ATT&CK (106 entries)

T1003 - OS Credential Dumping
T1003.001 - LSASS Memory
T1008 - Fallback Channels
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1027 - Obfuscated Files or Information
T1031 - Modify Existing Service
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1039 - Data from Network Shared Drive
T1043 - Commonly Used Port
T1045 - Software Packing
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.007 - JavaScript
T1060 - Registry Run Keys / Startup Folder
T1069 - Permission Groups Discovery
T1069.001 - Local Groups
T1069.002 - Domain Groups
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1087.001 - Local Account
T1087.002 - Domain Account
T1095
T1096 - NTFS File Attributes
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106
T1112 - Modify Registry
T1129 - Shared Modules
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1143 - Hidden Window
T1147 - Hidden Users
T1155 - AppleScript
T1158 - Hidden Files and Directories
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1197 - BITS Jobs
T1204 - User Execution
T1204.002 - Malicious File
T1204.003 - Malicious Image
T1210 - Exploitation of Remote Services
T1213 - Data from Information Repositories
T1218 - Signed Binary Proxy Execution
T1218.011 - Rundll32
T1219 - Remote Access Software
T1222 - File and Directory Permissions Modification
T1222.001 - Windows File and Directory Permissions Modification
T1480 - Execution Guardrails
T1482 - Domain Trust Discovery
T1486 - Data Encrypted for Impact
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1533 - Data from Local System
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548 - Abuse Elevation Control Mechanism
T1548.002 - Bypass User Account Control
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1555.003 - Credentials from Web Browsers
T1557 - Man-in-the-Middle
T1560 - Archive Collected Data
T1560.001 - Archive via Utility
T1566 - Phishing
T1569 - System Services
T1569.002 - Service Execution
T1570 - Lateral Tool Transfer
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1574.001 - DLL Search Order Hijacking
T1583 - Acquire Infrastructure
T1583.005 - Botnet
T1584.006 - Web Services
T1587.001 - Malware
T1608.001 - Upload Malware
T1614 - System Location Discovery
TA0007
TA0011