You've Got Malware: FINALDRAFT Hides in Your Drafts
ID: cd1f52e4-7ec0-553d-822a-91caabab1b54
STIX ID: report--cd1f52e4-7ec0-553d-822a-91caabab1b54
Feed Name: Elastic Security Labs
Elastic Security Labs describes a sophisticated malware suite, PATHLOADER (a Windows loader) and FINALDRAFT (an implant with PE and ELF variants), used in an espionage-focused campaign. The tools abuse Microsoft Graph and Outlook (mail drafts) for C2, use layered encryption and obfuscation, support process injection, file exfiltration and proxying, and include modular components such as PowerShell execution and Pass-the-Hash tooling. The report includes protocol and structural details, command tables, sample hashes, typosquatted domains, and detection guidance.
