DLLHost with no Command Line Arguments with Network
Process Injection
Process Injection
Process Injection
System Binary Proxy Execution, Rundll32
Process Injection
Account Discovery, Domain Account, User Execution, Malicious File
Exfiltration Over Unencrypted Non-C2 Protocol
OS Credential Dumping, DCSync, Rogue Domain Controller
Exploit Public-Facing Application, External Remote Services
InstallUtil, System Binary Proxy Execution
InstallUtil, System Binary Proxy Execution
Use Alternate Authentication Material
Exploit Public-Facing Application, External Remote Services
Exploit Public-Facing Application, Command and Scripting Interpreter
Ingress Tool Transfer, Exfiltration Over Web Service, System Binary Proxy Execution
TFTP Boot, Pre-OS Boot
Exploitation for Client Execution
Application Layer Protocol, Web Protocols
SMB/Windows Admin Shares, Remote Services
SMB/Windows Admin Shares, Remote Services
Exfiltration Over Alternative Protocol
Remote Desktop Protocol, Remote Services
Email Collection, Remote Email Collection
Remote Email Collection, Email Collection
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
File Transfer Protocols, Application Layer Protocol
Remote Desktop Protocol, Remote Services
Non-Application Layer Protocol