German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRAT Campaign
ID: 322af21e-2573-564a-afbb-9557578d773d
STIX ID: report--322af21e-2573-564a-afbb-9557578d773d
Feed Name: ANY.RUN's Cybersecurity Blog
This report analyzes a focused phishing campaign targeting German manufacturing firms. The campaign used localized invoice lures and a Dropbox-hosted ZIP containing a malicious .url/.lnk file to exploit CVE-2024-43451 via WebDAV, enabling deployment of AsyncRAT and XWorm. Sandbox data and multiple related submissions indicate active exploitation, low vendor detections on VirusTotal, and a reproducible attack pattern useful for proactive threat hunting and IOC enrichment.
