Since 2022, cyber espionage operations utilizing POISONPLUG.SHADOW have been tracked, employing a custom obfuscating compiler called ScatterBrain. This evolved version of ScatterBee targets entities in Europe and Asia Pacific. POISONPLUG.SHADOW, a variant of the POISONPLUG modular backdoor, uses advanced obfuscation techniques to evade detection. The blog post details the analysis of ScatterBrain, including its modes of operation, protection components, and the development of a deobfuscator. It explains the process of CFG recovery, import restoration, and binary reconstruction. The research provides insights into combating sophisticated obfuscation techniques and contributes to enhancing cybersecurity defenses against evolving threats.