The loader itself arrived as a modified SQLite3 DLL file that was executed via the native rundll32.exe and in turn loaded additional malicious payloads dropped as TLB files in the Windows system32 directory. “The attackers implemented a fragile ‘house of cards’ approach, meaning that each part is dependent upon…