Spear-phishing with weaponized LNK and VBScript files
ClickFix social engineering (fake CAPTCHA verification pages)
DLL sideloading (abusing legitimate binaries such as Rasphone and Node-Webkit)
Cloud-based C2 infrastructure (Dropbox, X/Twitter, Zimbra mail services)
Reflective loading of Cobalt Strike
Deployment of custom RATs (Shadow RAT, INET RAT)
Blister DLL shellcode loader
Spoofing of government websites (e.g., Pakistan's Ministry of Maritime Affairs)