Threats Tagged 'fileless execution'

View all threats tagged with 'fileless execution'. Filter and sort to focus on specific types of threats.

Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment

Operation DragonReturn is a medium-severity cyber espionage campaign attributed to a China-aligned threat actor targeting India's Ministry of Finance tax infrastructure during the AY2026-27 income tax filing season. The campaign uses spear-phishing emails impersonating government entities to deliver a multi-stage infection chain deploying DcRAT malware. Techniques include steganographic payload concealment, fileless .NET execution, AMSI bypass, and Windows service persistence. The threat actor employs encrypted TLS communications and rotates payloads to evade detection. The campaign focuses on corporate entities, tax professionals, and taxpayers in India, aiming to collect intelligence and exfiltrate data.

ClickFix Is Now Hiring: From Job Platform Impersonation to Python-Based RAT Delivery

A multi-stage phishing campaign emerged in early May 2026, impersonating LinkedIn and Indeed through typosquatted domains to deliver malicious payloads. The attack chain begins with fake CAPTCHA pages distributed via Google Ads, leveraging the legacy Finger protocol and native Windows utilities. Victims are tricked into executing commands that deploy portable Python runtimes (CPython or IronPython), which then execute in-memory shellcode. The campaign delivers CastleLoader, a Malware-as-a-Service framework using ChaCha20 and RC4 encryption for C2 communications, followed by a Python-based remote access trojan. The RAT provides interactive shell control, in-memory payload execution, and persistence mechanisms. The campaign represents an evolution of browser-based social engineering, combining Living-off-the-Land binaries with Python-based delivery to maintain a fileless footprint and evade detection through legitimate system utilities.
