Tactic or Technique: ISO

Attackers use ISO files to hide and deliver malware in a format that often slips past security tools. These disk image files are usually used for software distribution, but attackers disguise them as software updates, shipping notices, or other business-related documents to encourage you to open them.
The file itself may look suspicious or unfamiliar, but the message around it is designed to build trust. Once mounted, the ISO can silently run malware like remote access tools, info-stealers, or ransomware. While email providers typically block ISO files as direct attachments, they can still be delivered via URL file downloads and other techniques like link-based HTML smuggling.
This tactic combines social engineering with technical evasion. If you open the file, it can lead to stolen data, financial loss, or a broader network compromise.