TOR Traffic
Proxy, Multi-hop Proxy
Proxy, Multi-hop Proxy
Remote Access Software
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
Remote Desktop Protocol, Remote Services
SMB/Windows Admin Shares, Remote Services
Process Injection
Exploit Public-Facing Application, External Remote Services
Process Injection
File Transfer Protocols, Application Layer Protocol
InstallUtil, System Binary Proxy Execution
Non-Application Layer Protocol
InstallUtil, System Binary Proxy Execution
Exploitation for Client Execution
SMB/Windows Admin Shares, Remote Services
Exploit Public-Facing Application, Command and Scripting Interpreter
System Binary Proxy Execution, Rundll32
TFTP Boot, Pre-OS Boot
Process Injection
Use Alternate Authentication Material
OS Credential Dumping, DCSync, Rogue Domain Controller
Email Collection, Remote Email Collection
Domain Account, Local Groups, Domain Trust Discovery, Local Account, Account Discovery, Domain Groups, Permission Groups Discovery
Remote Desktop Protocol, Remote Services
Exploit Public-Facing Application, External Remote Services
Account Discovery, Domain Account, User Execution, Malicious File
Remote Email Collection, Email Collection
Exfiltration Over Unencrypted Non-C2 Protocol
Exfiltration Over Alternative Protocol
Ingress Tool Transfer, Exfiltration Over Web Service, System Binary Proxy Execution
Network Service Discovery
Network Service Discovery