A lure built around a geopolitical theme masked a loader chain that leaned on user execution, writable paths, and trusted Windows components to keep the final payload off disk.
A legitimate Microsoft binary, a sideloaded DLL, and a memory-resident RAT show how attackers can turn normal loader behavior into a stealth delivery path.
A seven-week campaign tied to Dropping Elephant mixed trusted web services with fast-changing infrastructure, showing how attackers can turn ordinary publishing and chat-link features into malware delivery paths.