Windows tool helps RedCurl obscure cyberespionage attacks

Phishing emails delivered by RedCurl carry malicious .ISO and .IMG attachments that trigger a multi-stage attack, a report from Trend Micro showed. The attack runs an executable that enables downloading with the curl utility and delivery of a loader. The loader then leverages the Windows Program Compatibility Assistant (PCA) to facilitate another downloader stage of the attack, which also involved the use of Impacket for unauthorized command execution.

Source: SC Magazine

 

