DLL Side-loading (utilizing legitimate executables such as toshdpdb.exe)
HUI Loader
PlugX (Korplug) backdoor
Cobalt Strike
NPS Proxy for covert communication
Exploitation of public-facing applications (e.g., CVE-2024-0012 in PAN-OS)
Ransomware as a diversionary tactic
Exfiltration to cloud storage (Amazon S3)
PowerShell and Python scripting for reconnaissance and C2