From Malspam to a Fileless .NET Loader: Abusing Google DoubleClick and a Five-Stage Evasion Chain
A German-language "purchase order" email with an HTML attachment is the opening move of a five-stage attack chain in which the malicious link routes through ad.doubleclick[.]net — a high-reputation Go