Payload

A payload is a piece of malicious code that is designed to perform malicious activity on a target system.

The payload can be delivered via phishing emails or by exploiting a vulnerability in the system. As a rule, it is encrypted so that detection systems do not catch malicious code. When launched, it can perform various activities, such as stealing sensitive information, disrupting system processes, or taking control of the entire system. The payload can be executed immediately or when a certain trigger event occurs (for example, at a specific date and time or after the system performs a certain action).

A typical example is a situation where a cyber-attacker sends a victim an email with a malicious attachment, and the victim's system becomes infected with ransomware after opening the attachment. In such a case, we do not consider the email or its attachment to be the payload but rather the ransomware itself.