The threat actor gained initial access via a fake Zoom installer, deploying d3f@ckloader and IDAT loader to drop SectopRAT. After nine days, SectopRAT delivered Cobalt Strike and Brute Ratel, enabling lateral movement through remote services and RDP. To facilitate RDP movement, the attacker used QDoor, a malware with proxy capabilities....