T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1552.001 - Credential Access - Unsecured Credentials: Credentials In Files,
T1059.006 - Execution - Command and Scripting Interpreter: Python,
T1562.004 - Defense Evasion - Impair Defenses: Disable or Modify System Firewall,
T1048 - Exfiltration - Exfiltration Over Alternative Protocol,
T1562.002 - Defense Evasion - Impair Defenses: Disable Windows Event Logging,
T1071.004 - Command and Control - Application Layer Protocol: DNS,