T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1571 - Command and Control - Non-Standard Port,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1574.002 - Privilege Escalation - Hijack Execution Flow: DLL Side-Loading,
T1562.004 - Defense Evasion - Impair Defenses: Disable or Modify System Firewall,
T1547.001 - Persistence - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder,