Sunday 05 July 2026 01:40:47 GMT+02:00

Netcrook


WIKICROOK

Multi-stage delivery

An attack pattern where one component launches the next, allowing the malware chain to stay flexible and harder to detect.

Multi-stage delivery is an attack pattern where one malicious component starts the next, rather than delivering the final payload in a single step. A lure may open a script, the script may fetch or decode a loader, and the loader may launch the actual malware. This structure gives attackers flexibility: they can swap payloads, delay execution, or route stages through legitimate tools and services.

It matters in cyber security because each stage can look harmless on its own, which makes simple file-based detection less effective. Defenders often have to follow process chains, script content, network requests, and memory activity to see the full attack. In real intrusions, multi-stage delivery is often used with masqueraded documents, PowerShell, downloaders, and in-memory execution to reduce on-disk artifacts and make analysis harder. Stopping any stage early can prevent the rest of the chain from running.
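Following process chains, as described above, can be sketched in a few lines of Python. This is an added example, not part of the original entry: the event fields, the two process-name lists and the sample events are assumptions constructed for illustration.

```python
# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe"},
    {"pid": 210, "ppid": 100, "image": "WINWORD.EXE"},     # lure document opened
    {"pid": 320, "ppid": 210, "image": "powershell.exe"},  # script stage
    {"pid": 430, "ppid": 320, "image": "loader.exe"},      # hypothetical loader name
    {"pid": 540, "ppid": 100, "image": "powershell.exe"},  # admin script, no document parent
    {"pid": 650, "ppid": 100, "image": "WINWORD.EXE"},     # ordinary document, no children
]

# Assumed lists; tune them to the environment being monitored.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def ancestry(pid, by_pid):
    """Return image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against parent loops
        seen.add(pid)
        chain.append(by_pid[pid]["image"].lower())
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


def find_staged_chains(events):
    """Flag leaf processes whose ancestry runs document app -> script host."""
    by_pid = {e["pid"]: e for e in events}
    parents = {e["ppid"] for e in events}
    findings = []
    for e in events:
        if e["pid"] in parents:
            continue  # report each chain once, from its deepest process
        chain = ancestry(e["pid"], by_pid)
        doc = next((i for i, img in enumerate(chain) if img in DOCUMENT_APPS), None)
        if doc is None:
            continue
        # Each stage looks harmless alone; the ordering is the signal.
        if any(img in SCRIPT_HOSTS for img in chain[doc + 1:]):
            findings.append({"pid": e["pid"], "chain": chain,
                             "stages": len(chain) - doc})
    return findings


if __name__ == "__main__":
    for f in find_staged_chains(EVENTS):
        print(f["pid"], " -> ".join(f["chain"]), f"({f['stages']} stages)")
```

Real telemetry reuses PIDs over time, so a production version would key processes on a unique process identifier or on PID plus start time rather than on PID alone.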
