Malicious spear-phishing emails may have been leveraged by APT37 to spread a ZIP archive with an LNK file, which when executed launches a PowerShell code containing a DLL file that facilitates the retrieval of VeilShell, according to a Securonix report, which also noted the “methodical” nature of the attack campaign.

Source: SC Magazine