| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1005 | Data from Local System | Zox has the ability to upload files from a targeted system.[1] | |
| Enterprise | T1001 | .002 | Data Obfuscation:Steganography | |
| Enterprise | T1068 | Exploitation for Privilege Escalation | Zox has the ability to leverage local and remote exploits to escalate privileges.[1] | |
| Enterprise | T1083 | File and Directory Discovery | ||
| Enterprise | T1105 | Ingress Tool Transfer | ||
| Enterprise | T1680 | Local Storage Discovery | ||
| Enterprise | T1027 | .013 | Obfuscated Files or Information:Encrypted/Encoded File | |
| Enterprise | T1057 | Process Discovery | ||
| Enterprise | T1021 | .002 | Remote Services:SMB/Windows Admin Shares | |