Winsage
June 12, 2024
The attack described in the text starts with a phishing email containing a .ZIP archive of an HTML file that bypasses antivirus and email security programs. The HTML file forces the browser to interact with Windows Explorer's search function, ultimately leading victims to download a malicious batch script. The researchers were unable to obtain the payload of the attack as the server was shut down.