The researchers at Trustwave have disclosed in a recent report that threat actors are starting to utilize WIM (Windows Imaging Format) attachments in order to distribute the Agent Tesla remote access trojan.
Source: cyware.com