T1566 - Initial Access - Phishing,
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1204 - Execution - User Execution,
T1041 - Exfiltration - Exfiltration Over C2 Channel,
T1105 - Command and Control - Ingress Tool Transfer,
T1136 - Persistence - Create Account,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1036 - Defense Evasion - Masquerading,
T1136.001 - Persistence - Create Account: Local Account,
T1036.005 - Defense Evasion - Masquerading: Match Legitimate Name or Location,