SHEETCREEP, FIREPOWER, and MAILCREEP Analysis
ID: cc683d92-380d-5880-9a7c-faef9f3a62ee
STIX ID: report--cc683d92-380d-5880-9a7c-faef9f3a62ee
Feed Name: Zscaler Security Research Blog
### Executive summary

This technical analysis describes an active multi-stage malware campaign (‘Sheet Attack’) that delivers backdoors (SHEETCREEP, FIREPOWER, MAILCREEP) via weaponized PDFs and LNK files, leverages cloud services (Google Sheets, Firebase, Microsoft Graph/Azure) for C2, employs persistence (scheduled tasks and loaders), and has been used to harvest documents and execute remote commands; the report also highlights operator activity and artifacts suggesting generative AI assisted in code authoring.
