For a long time, Microsoft Office's macro capability has been the go-to option for initial access by threat actors, and the community has seen a great variety of samples built on it. But things are changing because of the decisions Microsoft made last year: VBA macros are now blocked when the document originates from the internet. Microsoft briefly reverted this change, but after overwhelming feedback it returned to its initial decision. In addition, Excel 4.0 macros are restricted by default.
After these game-changing decisions, threat actors started adopting new techniques for initial access, and the community responded to this shift accordingly. Current trends show that the ISO and LNK file formats are at their peak. LNK files are Windows shortcuts, and SentinelOne recently shared excellent research on them. That post inspired me to do similar research on ISO files.