All this to say they used iso and vhd files... literally nothing "new" in regards to MoTW.
BlueNoroff introduces new methods bypassing MoTW (Mark-of-the-Web) flag, the security measure whereby Windows displays a warning message when the user tries to open a file downloaded from the internet
securelist.com/bluenoroff-me…
1
2
17
