Hackers have increasingly turned to OneNote files with malicious attachments as a means of delivering malware since Microsoft blocked its productivity apps from running macros. In addition, phishing emails with .ISO files attached have been a popular method of delivering malware. These files sideload malicious .DLL files and successfully download stage-two payloads to victims’ endpoints.
