ToddyCat

APT Group | Information theft and espionage | 4 zero-day CVEs | ETDA ✓

Also Known As 1 names

Websiic

Target Countries 17

Afghanistan, United Kingdom, Indonesia, India, Islamic Republic of Iran, Japan, Kyrgyzstan, Republic of Korea, Kazakhstan, Malaysia, Pakistan, Russian Federation, Slovakia, Thailand, Taiwan (Province of China), Uzbekistan, Vietnam

Details

Origin 🇨🇳 CN
Last Updated 13 Apr 2026

MITRE ATT&CK 75

T1003 - OS Credential Dumping
T1005 - Data from Local System
T1018
T1021
T1021.002
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1039 - Data from Network Shared Drive
T1041 - Exfiltration Over C2 Channel
T1047
T1049
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003
T1059.005 - Visual Basic
T1069
T1069.002
T1071.001 - Web Protocols
T1074
T1074.002
T1078
T1078.002
T1078.003
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1087.002
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1104
T1105 - Ingress Tool Transfer
T1106
T1114.001 - Local Email Collection
T1124
T1125 - Video Capture
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1157 - Dylib Hijacking
T1176 - Browser Extensions
T1187 - Forced Authentication
T1190 - Exploit Public-Facing Application
T1505 - Server Software Component
T1518
T1518.001
T1526 - Cloud Service Discovery
T1547
T1550.001 - Application Access Token
T1555.003 - Credentials from Web Browsers
T1557 - Man-in-the-Middle
T1560 - Archive Collected Data
T1560.001
T1560.002
T1562 - Impair Defenses
T1562.004
T1564
T1564.003
T1565 - Data Manipulation
T1566 - Phishing
T1566.001
T1566.003
T1567
T1567.002
T1573
T1574 - Hijack Execution Flow
T1574.002
T1608 - Stage Capabilities
T1680
T1686