Spear-phishing with high-credibility social engineering lures
Impersonation of cybersecurity vendors (e.g., Trend Micro)
Multi-stage malware loaders
JavaScript-based exploits
Custom shellcode utilizing API hashing
Victim-specific payload encryption based on machine IDs
Persistence via scheduled tasks
Deployment of ROMCOM RAT
Use of decoy websites mimicking corporate styles