Kinsing

T1003 T1005 - Data from Local System T1007 T1008 T1011 T1012 T1014 T1016 - System Network Configuration Discovery T1016.001 - Internet Connection Discovery T1018 T1021 T1021.004 - SSH T1027 - Obfuscated Files or Information T1033 - System Owner/User Discovery T1036 - Masquerading T1036.005 - Match Legitimate Name or Location T1041 T1046 T1047 - Windows Management Instrumentation T1048 T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1049 T1053 T1053.003 T1053.005 - Scheduled Task T1055 T1056 - Input Capture T1057 - Process Discovery T1059 - Command and Scripting Interpreter T1059.001 - PowerShell T1059.003 T1059.004 - Unix Shell T1059.005 - Visual Basic T1060 T1065 T1068 T1070 - Indicator Removal on Host T1071 T1074 T1078 - Valid Accounts T1081 T1082 - System Information Discovery T1083 - File and Directory Discovery T1085 T1087 T1089 - Disabling Security Tools T1090 T1095 T1098 - Account Manipulation T1102 - Web Service T1105 - Ingress Tool Transfer T1106 T1110 T1111 T1112 T1113 - Screen Capture T1114 T1114.001 T1115 T1119 T1120 T1124 T1127 - Trusted Developer Utilities Proxy Execution T1130 T1132 T1133 T1134 T1136 T1137 T1140 - Deobfuscate/Decode Files or Information T1170 T1176 T1190 - Exploit Public-Facing Application T1199 T1203 T1204 - User Execution T1204.002 T1210 - Exploitation of Remote Services T1217 T1218 - Signed Binary Proxy Execution T1219 T1222 T1437 T1485 T1486 T1489 - Service Stop T1490 - Inhibit System Recovery T1496 - Resource Hijacking T1497 T1497.003 T1498 - Network Denial of Service T1499 T1503 T1505 T1518 T1518.001 - Security Software Discovery T1525 T1529 - System Shutdown/Reboot T1530 T1531 T1539 T1543 T1543.003 - Windows Service T1546 T1547 T1547.001 - Registry Run Keys / Startup Folder T1550 T1552 T1553 - Subvert Trust Controls T1555 - Credentials from Password Stores T1560 T1561 T1562 T1562.001 - Disable or Modify Tools T1564 T1565 T1566 - Phishing T1571 T1573 T1574 T1583 T1587 T1595