Privilege Escalation
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 opens_process_token: Opens the access token associated with a process
Credential Access
T1003.001 yara_rules: Static rules
Discovery
T1518 locates_browser: Attempts to identify where browsers are installed
Other
no_graphical_activity: No graphic activity
writes_data: Writes big amount of data to disk
many_files_in_archive: The archive contains more than 5 files