T1053.005 - Persistence - Scheduled Task,
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1057 - Discovery - Process Discovery,
T1543 - Persistence - Create or Modify System Process,
T1016 - Discovery - System Network Configuration Discovery,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1562.004 - Defense Evasion - Impair Defenses: Disable or Modify System Firewall,
T1562.002 - Defense Evasion - Impair Defenses: Disable Windows Event Logging,