One of them used an all-inclusive ISO file containing a decoy document, a signed executable, and a malicious DLL file, resulting in the deployment of one of the two custom information stealers (Ctealer or Cucky) via DLL side-loading. Next, TelePowerBot would be dropped as a registry implant.
Read full article on Heimdal Security Blog