Complex chain of events
https://www.bleepingcomputer.com/news/security/office-365-team-discovers-phishing-email-pushing-winrar-exploit/
A recent targeted attack against organizations in the satellite and communications industry echoes techniques seen in campaigns from cyberespionage group MuddyWater.
The attack leveraged the recently reported 19-year old vulnerability (CVE-2018-20250) in WinRAR (now patched) to launch a convoluted infection chain in an attempt to run a fileless PowerShell backdoor. Successful compromise could grant the adversary full control of the target machine.