Office Product Spawning Wmic
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
LSASS Memory
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Spearphishing Attachment, Phishing
Server Software Component, IIS Components
Replication Through Removable Media
Modify Registry
Protocol Tunneling, Proxy, Web Service
Protocol Tunneling, Proxy, Web Service
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Malicious File, User Execution
Domain Account, Account Discovery
DLL Search Order Hijacking, Hijack Execution Flow
DLL Search Order Hijacking, Hijack Execution Flow
Disable or Modify Tools, Impair Defenses
User Execution, Malicious File
Server Software Component, IIS Components
Query Registry
Query Registry
Windows Management Instrumentation
System Network Configuration Discovery
Change Default File Association, Event Triggered Execution
Credentials from Password Stores
Indirect Command Execution
System Network Connections Discovery
Clipboard Data
Credentials in Registry, Unsecured Credentials
Password Managers
Service Stop
Private Keys, Unsecured Credentials
Cached Domain Credentials, OS Credential Dumping
Security Support Provider, Boot or Logon Autostart Execution
System Information Discovery
System Owner/User Discovery
Steal or Forge Kerberos Tickets
BITS Jobs, Ingress Tool Transfer
Command and Scripting Interpreter
OS Credential Dumping
Security Account Manager, OS Credential Dumping
File Deletion, Indicator Removal
Data Destruction
Process Injection, Portable Executable Injection
Application Layer Protocol
Modify Registry
Dynamic-link Library Injection, Process Injection
Application Layer Protocol
Regsvr32, System Binary Proxy Execution
Command and Scripting Interpreter, JavaScript
Process Injection
Process Injection
Windows Management Instrumentation
DLL Side-Loading, Hijack Execution Flow
System Owner/User Discovery
System Owner/User Discovery
DLL Side-Loading, Hijack Execution Flow
DLL Side-Loading, Hijack Execution Flow
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
Local Account, Create Account
Compromise Accounts, Cloud Accounts, Valid Accounts, Cloud Accounts
Compromise Accounts, Cloud Accounts, Multi-Factor Authentication Request Generation, Modify Authentication Process, Multi-Factor Authentication
Exploit Public-Facing Application
Server Software Component, Web Shell, Exploit Public-Facing Application
Component Object Model Hijacking, Command and Scripting Interpreter, PowerShell
Component Object Model Hijacking, Event Triggered Execution
System Script Proxy Execution, System Binary Proxy Execution
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Spearphishing Attachment, Phishing, Malicious Link, User Execution
Spearphishing Attachment, Phishing
Mail Protocols, Application Layer Protocol
Mail Protocols, Application Layer Protocol
Mail Protocols, Application Layer Protocol
Protocol Tunneling, SSH
Data Encrypted for Impact
Command and Scripting Interpreter
LSASS Memory, OS Credential Dumping
Compiled HTML File, System Binary Proxy Execution
Ingress Tool Transfer
Process Injection
InstallUtil, System Binary Proxy Execution
Service Stop
Credentials, Gather Victim Identity Information
DLL Search Order Hijacking, Hijack Execution Flow
Remote Access Software, OS Credential Dumping
GUI Input Capture, Input Capture
Remote Access Software
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
DLL Search Order Hijacking
Ingress Tool Transfer
Proxy, Non-Application Layer Protocol
Ingress Tool Transfer
Ingress Tool Transfer
Hardware, Gather Victim Host Information
System Time Discovery
Clipboard Data
Windows Command Shell, Command and Scripting Interpreter
SSH Authorized Keys
System Shutdown/Reboot
System Shutdown/Reboot
System Information Discovery, Rootkit
Obfuscated Files or Information, Unix Shell
System Shutdown/Reboot
Obfuscated Files or Information
Disable or Modify Tools, Impair Defenses
Remote Desktop Protocol, Remote Services
Windows Management Instrumentation Event Subscription
Disable or Modify Tools, Impair Defenses
Screen Capture
Mavinject, System Binary Proxy Execution
Screen Capture
Odbcconf
PowerShell
Odbcconf
System Binary Proxy Execution
Exploit Public-Facing Application
Odbcconf
Disable or Modify Tools, Impair Defenses
Remote Desktop Protocol, Remote Services
Application Layer Protocol
Modify Registry
Disable or Modify Tools, Impair Defenses
Service Stop
Modify Registry
Modify Registry
Remote Access Software
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Remote Desktop Protocol, Remote Services
Remote Desktop Protocol, Remote Services
Remote Desktop Protocol, Remote Services
IP Addresses, Gather Victim Network Information
Service Stop
Msiexec
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Server Software Component, Exploit Public-Facing Application
Exploit Public-Facing Application
Disable or Modify System Firewall, Impair Defenses
Exfiltration Over Alternative Protocol
Gather Victim Network Information, IP Addresses
Disable or Modify Tools, Impair Defenses
Command and Scripting Interpreter
Command and Scripting Interpreter
Visual Basic, Command and Scripting Interpreter
Plist File Modification
At, Scheduled Task/Job
At, Scheduled Task/Job
Scheduled Task, Scheduled Task/Job
Exploitation for Privilege Escalation
Windows Service, Create or Modify System Process, Exploitation for Privilege Escalation
Windows Service
Disable or Modify Tools, Impair Defenses
Email Collection, Local Email Collection
Inhibit System Recovery
Masquerade Task or Service, Masquerading
Steal or Forge Kerberos Tickets
Steal or Forge Kerberos Tickets
Steal or Forge Kerberos Tickets
Steal or Forge Kerberos Tickets
Scheduled Task/Job
Domain Account, Account Discovery
Domain Account, Account Discovery
Service Stop
Data Destruction, File Deletion, Indicator Removal
Service Stop
Service Stop
Data Destruction
Cron, Scheduled Task/Job
Data Destruction
Domain Trust Discovery
Scheduled Task, Impair Defenses
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Data Destruction, File Deletion, Indicator Removal
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Masquerading, Rundll32, Rename System Utilities
System Services, Service Execution
System Binary Proxy Execution, Compiled HTML File
Command and Scripting Interpreter, PowerShell, Ingress Tool Transfer
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Command and Scripting Interpreter, PowerShell, Ingress Tool Transfer
Disable or Modify System Firewall, Impair Defenses
Indirect Command Execution
Indirect Command Execution
Disable or Modify Tools, Impair Defenses
Registry Run Keys / Startup Folder, Boot or Logon Autostart Execution
Install Root Certificate, Subvert Trust Controls
Rootkit, Exploitation for Privilege Escalation
Modify Registry
Component Object Model Hijacking, Event Triggered Execution, PowerShell
File and Directory Permissions Modification
InstallUtil, System Binary Proxy Execution
InstallUtil, System Binary Proxy Execution
Process Injection
Process Injection
Process Injection
Process Injection
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Regsvcs/Regasm
Process Injection
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Rundll32
Process Injection
Use Alternate Authentication Material
Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Modify Registry
Unix Shell, Command and Scripting Interpreter
Modify Registry
Command and Scripting Interpreter
Obfuscated Files or Information, Indicator Removal from Tools
Disk Structure Wipe, Disk Wipe
Data Destruction
Data Destruction
Process Injection
Disable or Modify Tools, Impair Defenses
Services Registry Permissions Weakness
Scheduled Task, Scheduled Task/Job
Windows Management Instrumentation
Indicator Removal
System Binary Proxy Execution, Rundll32
Command and Scripting Interpreter, PowerShell
Bypass User Account Control, Abuse Elevation Control Mechanism
Disk Structure Wipe, Disk Wipe
Modify Registry
Dynamic-link Library Injection, System Binary Proxy Execution, Process Injection
System Binary Proxy Execution
Data Destruction
System Network Configuration Discovery
System Binary Proxy Execution, Rundll32
Process Injection
Scheduled Task, Scheduled Task/Job
Ingress Tool Transfer
Ingress Tool Transfer
Use Alternate Authentication Material, Pass the Ticket, Steal or Forge Kerberos Tickets, Kerberoasting, AS-REP Roasting
Use Alternate Authentication Material, Pass the Ticket
Inhibit System Recovery
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Bypass User Account Control, Abuse Elevation Control Mechanism
Remote Services
Disable or Modify Tools, Impair Defenses
Indicator Blocking, Trusted Developer Utilities Proxy Execution, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Modify Registry, OS Credential Dumping
Exploitation for Privilege Escalation
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Bypass User Account Control, Abuse Elevation Control Mechanism
Disable or Modify Tools, Impair Defenses
Hidden Files and Directories, Disable or Modify Tools, Hide Artifacts, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Modify Registry
Disable or Modify Tools, Impair Defenses
Active Setup, Boot or Logon Autostart Execution
Modify Registry
Disable or Modify Tools, Impair Defenses
Credentials in Registry, Unsecured Credentials
Disable or Modify Tools, Impair Defenses
Image File Execution Options Injection, Event Triggered Execution
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Abuse Elevation Control Mechanism
Disable or Modify Tools, Impair Defenses
Time Providers, Boot or Logon Autostart Execution
Disable or Modify Tools, Impair Defenses
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Virtualization/Sandbox Evasion, Time Based Evasion
Data Destruction
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil
Obfuscated Files or Information
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Windows Command Shell, Command and Scripting Interpreter
Visual Basic, Command and Scripting Interpreter
Windows Command Shell
PowerShell, Command and Scripting Interpreter
SSH Authorized Keys, Account Manipulation
SSH Authorized Keys, Account Manipulation
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
/etc/passwd and /etc/shadow, OS Credential Dumping
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Dynamic Linker Hijacking, Hijack Execution Flow
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Kernel Modules and Extensions, Boot or Logon Autostart Execution
Valid Accounts, Domain Accounts
Linux and Mac File and Directory Permissions Modification, File and Directory Permissions Modification
Setuid and Setgid, Abuse Elevation Control Mechanism
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Setuid and Setgid, Abuse Elevation Control Mechanism
Local Account, Create Account
Sudo and Sudo Caching, Abuse Elevation Control Mechanism
Systemd Timers, Scheduled Task/Job
Systemd Timers, Scheduled Task/Job
Unix Shell Configuration Modification, Event Triggered Execution
RC Scripts, Boot or Logon Initialization Scripts
Valid Accounts, Domain Accounts
Unix Shell Configuration Modification, Event Triggered Execution
Valid Accounts, Domain Accounts
Systemd Timers, Scheduled Task/Job
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Cron, Scheduled Task/Job
Exploit Public-Facing Application
Exploit Public-Facing Application
Ingress Tool Transfer
Ingress Tool Transfer
Disable or Modify Tools
Server Software Component, Web Shell, Exploit Public-Facing Application
Unix Shell
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Automated Exfiltration
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Disable or Modify Tools, Impair Defenses
Remote Services, Distributed Component Object Model, MMC
Create or Modify System Process, Windows Service
Windows Management Instrumentation
Credentials from Web Browsers, Credentials from Password Stores
Remote Services, Windows Remote Management
Scheduled Task/Job, Scheduled Task
Gather Victim Host Information
Process Injection, Dynamic-link Library Injection
Disable or Modify Tools, Impair Defenses
Remote Services, Windows Remote Management
Transfer Data to Cloud Account
Data Encrypted for Impact
Remote Services, Distributed Component Object Model
Windows Management Instrumentation
Compile After Delivery, Obfuscated Files or Information
System Network Configuration Discovery, Internet Connection Discovery
Windows Management Instrumentation
InstallUtil, System Binary Proxy Execution
Disable or Modify System Firewall, Impair Defenses
Access Token Manipulation, Token Impersonation/Theft
InstallUtil, System Binary Proxy Execution
Scheduled Task/Job, Scheduled Task
XSL Script Processing
Scheduled Task/Job, At
Remote Services, Windows Remote Management
Create or Modify System Process, Windows Service
Ingress Tool Transfer
Create or Modify System Process, Windows Service
Match Legitimate Name or Location, Masquerading, OS Credential Dumping, Active Scanning
Remote System Discovery
Ingress Tool Transfer
Scheduled Task
Disable or Modify Tools, Impair Defenses
Kerberoasting
Clear Windows Event Logs, Indicator Removal
Masquerading
Data Destruction, File Deletion, Indicator Removal
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Process Injection
Rename System Utilities, Masquerading
Command and Scripting Interpreter, Component Object Model
Modify Registry
Regsvr32, Modify Registry
System Binary Proxy Execution, Regsvr32
MSBuild, Trusted Developer Utilities Proxy Execution
Visual Basic, Command and Scripting Interpreter
Verclsid, System Binary Proxy Execution
Print Processors, Boot or Logon Autostart Execution
Event Triggered Execution, Screensaver
Boot or Logon Initialization Scripts, Logon Script (Windows)
Change Default File Association, Event Triggered Execution
Screen Capture
BITS Jobs
NTDS, OS Credential Dumping
NTDS, OS Credential Dumping
Disable or Modify System Firewall, Impair Defenses
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Compiled HTML File
Automated Exfiltration
Install Root Certificate, Subvert Trust Controls
Account Discovery, Local Account
Account Discovery, Local Account
Archive via Utility, Archive Collected Data
NTDS, OS Credential Dumping
Remote Services, SMB/Windows Admin Shares
Archive via Utility, Archive Collected Data
System Binary Proxy Execution, Compiled HTML File
Credentials from Password Stores, Credentials from Web Browsers
System Owner/User Discovery
Credentials from Password Stores, Credentials from Web Browsers
Permission Groups Discovery, Local Groups
Permission Groups Discovery, Local Groups
Permission Groups Discovery, Local Groups
Permission Groups Discovery, Local Groups
System Owner/User Discovery
System Owner/User Discovery
System Owner/User Discovery
Command and Scripting Interpreter, JavaScript
System Owner/User Discovery
Command and Scripting Interpreter, JavaScript
XSL Script Processing
Command and Scripting Interpreter, JavaScript
System Network Connections Discovery
System Network Connections Discovery
System Network Connections Discovery
Security Account Manager, OS Credential Dumping
System Binary Proxy Execution, Rundll32
Local Account, Create Account
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Control Panel
Remote System Discovery
Remote System Discovery
Domain Account, Account Discovery
System Information Discovery
Remote System Discovery
Remote System Discovery
Inhibit System Recovery
Inhibit System Recovery
Domain Trust Discovery
Permission Groups Discovery, Domain Groups
Remote System Discovery
Remote System Discovery
Remote System Discovery
Remote System Discovery
Remote System Discovery
Password Policy Discovery
Password Policy Discovery
Phishing, Spearphishing Link
Password Policy Discovery
Password Policy Discovery
Permission Groups Discovery, Domain Groups
System Network Connections Discovery
Permission Groups Discovery, Domain Groups
Permission Groups Discovery, Domain Groups
Permission Groups Discovery, Domain Groups
Permission Groups Discovery, Domain Groups
Permission Groups Discovery, Domain Groups
Permission Groups Discovery, Domain Groups
Domain Account, Account Discovery
Domain Account, Account Discovery
Domain Account, Account Discovery
Domain Trust Discovery
Domain Account, Account Discovery
Domain Account, Account Discovery
Domain Account, Account Discovery
Account Discovery, Local Account
Account Discovery, Local Account
Security Account Manager, OS Credential Dumping
Archive via Utility, Archive Collected Data
System Binary Proxy Execution, CMSTP
Indicator Removal
System Binary Proxy Execution, Rundll32
Msiexec, System Binary Proxy Execution
Process Injection
Data from Local System
User Execution, Malicious File
Archive via Utility, Archive Collected Data
Process Injection
System Binary Proxy Execution, Regsvr32
Command and Scripting Interpreter
Process Injection
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
Security Account Manager, OS Credential Dumping
System Binary Proxy Execution, Mshta
Bypass User Account Control, Abuse Elevation Control Mechanism, MMC
DLL Side-Loading, Hijack Execution Flow
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Exploitation for Privilege Escalation
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Print Processors, Boot or Logon Autostart Execution
Disable or Modify Tools, Impair Defenses
System Services, Service Execution
Disable or Modify Cloud Firewall, Impair Defenses
Disable or Modify Cloud Firewall, Impair Defenses
Command and Scripting Interpreter, Visual Basic
File and Directory Permissions Modification
File Deletion, Indicator Removal
Inhibit System Recovery
Indicator Removal, Clear Windows Event Logs
Command and Scripting Interpreter
Inhibit System Recovery
Defacement
System Binary Proxy Execution, CMSTP
User Execution
User Execution
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
NTDS, OS Credential Dumping
Exploit Public-Facing Application
Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process
Remote Desktop Protocol, Remote Services
Abuse Elevation Control Mechanism
System Binary Proxy Execution, CMSTP
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Scheduled Task/Job
File and Directory Permissions Modification
Account Discovery
Ingress Tool Transfer
Account Access Removal
Create or Modify System Process
Disable or Modify Tools, Impair Defenses
Account Access Removal
File and Directory Permissions Modification
Service Stop
Service Stop
Disable or Modify Tools, Impair Defenses
Account Access Removal
Windows Service, Create or Modify System Process
File and Directory Permissions Modification
Windows Service, Create or Modify System Process
Phishing, Spearphishing Attachment
Process Injection
Archive via Utility, Archive Collected Data
Phishing, Spearphishing Attachment
Command and Scripting Interpreter
Obfuscated Files or Information
Scheduled Task/Job
Scheduled Task/Job
Exfiltration Over Alternative Protocol
Phishing, Spearphishing Attachment
Phishing, Spearphishing Attachment
Security Account Manager, OS Credential Dumping
Security Account Manager, OS Credential Dumping
System Services, Service Execution
Domain Trust Discovery
Disable or Modify Tools, Impair Defenses
BITS Jobs
Deobfuscate/Decode Files or Information
User Execution
Create or Modify System Process
Data Destruction
Data Encrypted for Impact
Inhibit System Recovery
Command and Scripting Interpreter, PowerShell
Server Software Component, Web Shell
Disable or Modify Tools, Impair Defenses
Modify Registry, Bypass User Account Control, Abuse Elevation Control Mechanism
Scheduled Task, Scheduled Task/Job
Command and Scripting Interpreter, Windows Command Shell
Data Staged
Launch Agent, Create or Modify System Process
Ingress Tool Transfer
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Regsvcs/Regasm
System Binary Proxy Execution, Compiled HTML File
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
System Binary Proxy Execution, Rundll32
NTDS, OS Credential Dumping
System Binary Proxy Execution, Regsvr32
System Binary Proxy Execution, Regsvr32
Modify Registry
Inhibit System Recovery
System Binary Proxy Execution, Mshta
System Binary Proxy Execution, Mshta
Command and Scripting Interpreter, PowerShell
PowerShell
Trusted Developer Utilities Proxy Execution, MSBuild
Trusted Developer Utilities Proxy Execution
System Binary Proxy Execution, Mshta
Inhibit System Recovery
User Execution, Malicious File
Masquerading, Rename System Utilities
Application Shimming, Event Triggered Execution
Scheduled Task, Scheduled Task/Job
Services Registry Permissions Weakness, Hijack Execution Flow
Disable or Modify System Firewall
Application Shimming, Event Triggered Execution
Rename System Utilities
Bypass User Account Control, Abuse Elevation Control Mechanism
Masquerading, Rename System Utilities
Command and Scripting Interpreter, Windows Command Shell
System Network Configuration Discovery
Inhibit System Recovery
Data Destruction
Service Stop
Data Encrypted for Impact
Indicator Removal, Network Share Connection Removal
Masquerading
Modify Registry
Malicious File
Remote Desktop Protocol, Remote Services
Windows Service, Create or Modify System Process
Disable or Modify Tools, Impair Defenses
Command and Scripting Interpreter, Windows Command Shell
PowerShell, Windows Command Shell
Command and Scripting Interpreter, PowerShell
Email Collection, Local Email Collection
File and Directory Permissions Modification, Windows File and Directory Permissions Modification
Software Deployment Tools
Event Triggered Execution, Accessibility Features
Scheduled Task
Path Interception by Unquoted Path, Hijack Execution Flow
Exploitation for Privilege Escalation
Windows Management Instrumentation
Exploitation for Privilege Escalation
Windows Management Instrumentation
LSASS Memory, OS Credential Dumping
Port Monitors, Boot or Logon Autostart Execution
Application Shimming, Event Triggered Execution
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Bypass User Account Control, Abuse Elevation Control Mechanism
Credentials in Registry, Unsecured Credentials
NTDS, OS Credential Dumping
System Information Discovery
Hidden Files and Directories
Data Encrypted for Impact
Indicator Removal
Windows Management Instrumentation