1. Initial foothold
The attacker sent an email with an attachment named “brochure-for-2023-elite-events.rar
”. This rar file contains only one lnk
(shortcut) file named: brochure-for-2023-elite-events.pdf.lnk
. If the user does not pay attention and extracts the file, it will be displayed as a PDF icon like the following: