Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
---|---|---|---|---|---|---|---|---|---|---|
Spearphishing Link | AppleScript | BITS Jobs | Scheduled Task | Template Injection | Credential Dumping | AppleScript | Exfiltration Over Command and Control Channel | Remote Access Tools | ||
InstallUtil | Scheduled Task | Bypass User Account Control | Multi-Stage Channels | |||||||
Rundll32 | Signed Script Proxy Execution | |||||||||
PowerShell | Process Doppelgänging | |||||||||
Command-Line Interface | CMSTP | |||||||||
Signed Script Proxy Execution | Compiled HTML File | |||||||||
CMSTP | ||||||||||
Compiled HTML File |