TA428

Type APT Group
Motivation Information theft and espionage
Zero-day CVEs 21
ETDA ✓

Also Known As 2 names

BRONZE DUDLEY
Colourful Panda

Target Countries 8

United Arab Emirates
Afghanistan
Belarus
Myanmar
Mongolia
Russian Federation
Ukraine
Yemen

Sectors Targeted

Professional, Scientific, and Technical Services (NAICS 54)
Public Administration (NAICS 92)
Industrial plants, design bureaus and research institutes (NAICS 31)
Government

Details

Origin 🇨🇳 CN
Last Updated 11 Sep 2025

Malware Families 2

8t_dropper
albaniiutas

MITRE ATT&CK 111

T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1008 - Fallback Channels
T1011 - Exfiltration Over Other Network Medium
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1031 - Modify Existing Service
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1036.004 - Masquerade Task or Service
T1040 - Network Sniffing
T1043 - Commonly Used Port
T1045 - Software Packing
T1046 - Network Service Scanning
T1048 - Exfiltration Over Alternative Protocol
T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol
T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.002 - AppleScript
T1059.005 - Visual Basic
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1069.002 - Domain Groups
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.003 - Mail Protocols
T1071.004 - DNS
T1078 - Valid Accounts
T1081 - Credentials in Files
T1082 - System Information Discovery
T1087 - Account Discovery
T1089 - Disabling Security Tools
T1090 - Proxy
T1090.003 - Multi-hop Proxy
T1100 - Web Shell
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1119 - Automated Collection
T1127.001 - MSBuild
T1129 - Shared Modules
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1155 - AppleScript
T1156 - Malicious Shell Modification
T1176 - Browser Extensions
T1187 - Forced Authentication
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1210 - Exploitation of Remote Services
T1218 - Signed Binary Proxy Execution
T1218.005 - Mshta
T1219 - Remote Access Software
T1410 - Network Traffic Capture or Redirection
T1448 - Carrier Billing Fraud
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1457 - Malicious Media Content
T1480 - Execution Guardrails
T1484 - Domain Policy Modification
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1505 - Server Software Component
T1505.003 - Web Shell
T1528 - Steal Application Access Token
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1543 - Create or Modify System Process
T1546 - Event Triggered Execution
T1548 - Abuse Elevation Control Mechanism
T1552.001 - Credentials In Files
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1557 - Man-in-the-Middle
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1568 - Dynamic Resolution
T1568.002 - Domain Generation Algorithms
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.005 - Botnet
T1587.001 - Malware
T1590 - Gather Victim Network Information
T1608.001 - Upload Malware
TA0010 - Exfiltration
TA0011 - Command and Control