TA0002
Execution
Description
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system.
Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
Techniques (17)
T1047
Windows Management Instrumentation
T1053
Scheduled Task/Job
T1059
Command and Scripting Interpreter
T1072
Software Deployment Tools
T1106
Native API
T1129
Shared Modules
T1203
Exploitation for Client Execution
T1204
User Execution
T1559
Inter-Process Communication
T1569
System Services
T1609
Container Administration Command
T1610
Deploy Container
T1648
Serverless Execution
T1651
Cloud Administration Command
T1674
Input Injection
T1675
ESXi Administration Command
T1677
Poisoned Pipeline Execution