Please enable JavaScript.
Coggle requires JavaScript to display documents.
Techniques used by Cobalt Group - Coggle Diagram
Techniques used by Cobalt Group
Initial Access
Phishing (T1566)
Lateral Movement
Remote Service (T1021)
Execution
Inter-Process Communication (T1559)
Exploitation for Client Execution (T1203)
Scheduled Task/Job (T1053)
User Execution (T1204)
Defense Evasion
Obfuscated Files or Information (T1027)
Process Injection (T1055)
Indicator Removal on Host (T1070)
Signed Binary Proxy Execution (T1218)
Abuse Elevation Control Mechanism (T1548)
XSL Script Processing (T1220)
Command and Control
Ingress Tool Transfer (T1105)
Protocol Tunneling (T1572)
Encrypted Channel (T1573)
Remote Access Software (T1219)
Application layer Protocol (T1071)
Discovery
Network
Service Scanning (T1046)
Software Discovery (T1518)
Privilege Escalation
Boot or Logon Initialization Scripts (T1037)
Boot or Logon AutoStart Execution (T1547)
Create or Modify System Process (T1543)
Exploitation for Privilege Escalation (T1068)
Abuse Elevation Control Mechanism (T1548)
Scheduled Task/Job (T1053)
Process Injection (T1055)
Persistence
Boot or Logon Initialization Scripts (T1037)
Create or Modify System Process (T1543)
Boot or Logon AutoStart Execution (T1547)
Scheduled Task/Job (T1053)