The threat actor uses Flagpro in the initial stage of an attack for network reconnaissance, to evaluate the target’s environment, and to download second-stage malware and execute it.