Localized phishing lures (tax, payroll, HR, and invoice themes)
Social engineering to shift victims to out-of-band platforms (WhatsApp, LINE, Microsoft Teams)
DLL sideloading for payload execution
Deployment of custom loaders (RomulusLoader, SilentRunLoader)
Use of Remote Access Trojans (Atlas RAT, ValleyRAT/Winos 4.0)
Abuse of legitimate remote monitoring and management (RMM) tools such as AnyDesk
Hosting malicious archives on consumer file-sharing services (GoFile, MediaFire)
Credential phishing pages
Impersonation of national tax authorities and corporate finance leadership