What indicators of compromise would you look for to determine if an embedded system has been compromised by a persistent threat actor?