🇨🇳

[Unnamed group]

APT Group 40 zero-day CVEs

Also Known As

No alias recorded

Target Countries

No target country recorded

Sectors Targeted

No targeted sector recorded

Details

Origin 🇨🇳 CN
Last Updated 01 Jun 2022

Malware Families 3

EMOTET
puzzlemaker
sombrat

MITRE ATT&CK 114

T1001 - Data Obfuscation
T1001.001 - Junk Data
T1001.003 - Protocol Impersonation
T1012 - Query Registry
T1014 - Rootkit
T1017 - Application Deployment Software
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1031 - Modify Existing Service
T1036 - Masquerading
T1036.004 - Masquerade Task or Service
T1038 - DLL Search Order Hijacking
T1041 - Exfiltration Over C2 Channel
T1045 - Software Packing
T1046 - Network Service Scanning
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.001 - At (Linux)
T1053.002 - At (Windows)
T1053.003 - Cron
T1053.006 - Systemd Timers
T1053.007 - Container Orchestration Job
T1055 - Process Injection
T1055.001 - Dynamic-link Library Injection
T1055.002 - Portable Executable Injection
T1055.003 - Thread Execution Hijacking
T1055.004 - Asynchronous Procedure Call
T1055.008 - Ptrace System Calls
T1056 - Input Capture
T1056.001 - Keylogging
T1056.003 - Web Portal Capture
T1059 - Command and Scripting Interpreter
T1059.003 - Windows Command Shell
T1059.006 - Python
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.003 - Mail Protocols
T1071.004 - DNS
T1081 - Credentials in Files
T1082 - System Information Discovery
T1087.003 - Email Account
T1088 - Bypass User Account Control
T1094 - Custom Command and Control Protocol
T1105 - Ingress Tool Transfer
T1110.002 - Password Cracking
T1111 - Two-Factor Authentication Interception
T1113 - Screen Capture
T1114 - Email Collection
T1114.001 - Local Email Collection
T1114.002 - Remote Email Collection
T1114.003 - Email Forwarding Rule
T1125 - Video Capture
T1129 - Shared Modules
T1140 - Deobfuscate/Decode Files or Information
T1155 - AppleScript
T1156 - Malicious Shell Modification
T1185 - Man in the Browser
T1192 - Spearphishing Link
T1193 - Spearphishing Attachment
T1194 - Spearphishing via Service
T1195.002 - Compromise Software Supply Chain
T1202 - Indirect Command Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1210 - Exploitation of Remote Services
T1410 - Network Traffic Capture or Redirection
T1444 - Masquerade as Legitimate Application
T1445 - Abuse of iOS Enterprise App Signing Key
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1450 - Exploit SS7 to Track Device Location
T1457 - Malicious Media Content
T1459 - Device Unlock Code Guessing or Brute Force
T1476 - Deliver Malicious App via Other Means
T1491 - Defacement
T1493 - Transmitted Data Manipulation
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1503 - Credentials from Web Browsers
T1516 - Input Injection
T1534 - Internal Spearphishing
T1560 - Archive Collected Data
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1566.003 - Spearphishing via Service
T1568 - Dynamic Resolution
T1574 - Hijack Execution Flow
T1574.006 - Dynamic Linker Hijacking
T1583.002 - DNS Server
T1583.005 - Botnet
T1589 - Gather Victim Identity Information
T1596.001 - DNS/Passive DNS
T1596.004 - CDNs
T1598 - Phishing for Information
T1598.001 - Spearphishing Service
T1598.002 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1602 - Data from Configuration Repository
T1602.002 - Network Device Configuration Dump
T1608.001 - Upload Malware
T1608.005 - Link Target
TA0001 - Initial Access
TA0002 - Execution
TA0003 - Persistence
TA0004 - Privilege Escalation
TA0005 - Defense Evasion
TA0006 - Credential Access
TA0007 - Discovery
TA0009 - Collection
TA0011 - Command and Control
TA0037 - Command and Control
TA0043 - Reconnaissance