How the malware runs its course:
- Social engineering as an entry point.
- Multiple redirections via URL shorteners and the usage of Dynamic DNS services.
- Payloads hosted on legitimate online storage services and CDNs (content delivery networks).
- Obfuscated PowerShell downloaders employing command-line logging evasion.
- Living off the land techniques that abuse Microsoft-signed binaries.
- Abusing trusted applications via DLL hijacking.
- Splitting the main payload into two or more components.