Spear-phishing via weaponized XLSM documents
LLM-assisted malware and VBA code generation
AppDomainManager injection
C#-based implants (SloppyMIO)
Command and Control (C2) via Telegram bots and accounts
Payload and configuration retrieval via GitHub and Google Drive
Delivery via 7-Zip archives with Farsi filenames