Execution (TA0002) | Persistence (TA0003) | Privilege Escalation (TA0004) | Defense Evasion (TA0005) | Credential Access (TA0006) | Discovery (TA0007) | Lateral Movement (TA0008) | Collection (TA0009) | Impact (TA0040) |
---|---|---|---|---|---|---|---|---|
Scheduled Task/Job (T1053) |
Scheduled Task/Job (T1053) |
Scheduled Task/Job (T1053) |
Obfuscated Files or Information (T1027) |
OS Credential Dumping (T1003) |
Process Discovery (T1057) |
Taint Shared Content (T1080) |
Data from Local System (T1005) |
Inhibit System Recovery (T1490) |
Command and Scripting Interpreter (T1059) |
Boot or Logon Autostart Execution (T1547) |
Boot or Logon Autostart Execution (T1547) |
Modify Registry (T1112) |
Input Capture (T1056) |
Network Share Discovery (T1135) |
Data Staged (T1074) |
Data Encrypted for Impact (T1486) |
|
Shared Modules (T1129) |
Registry Run Keys/Startup Folder (T1547.001) |
Registry Run Keys/Startup Files (T1547.001) |
Indirect Command Execution (T1202) |
System Information Discovery (T1082) |
Input Capture (T1056) |
Data Destruction (T1485) |
||
Token Impersonation/Theft (T1134.001) |
Software Packing (T1027.002) |
File and Directory Discovery (T1083) |
||||||
Masquerading (T1036) |
Virtualization/Sandbox Evasion (T1497) |
|||||||
Hidden Files and Directories (T1564.001) |
Security Software Discovery (T1518.001) |
|||||||
File Deletion (T1070.004) |
||||||||
Virtualization/Sandbox Evasion (T1497) |
||||||||
Disable or Modify Tools (T1562.001) |
This information is provided by Crocodyli or Ransomware.live