The threat actors utilize Microsoft Common Console Document (MSC) files to execute malicious JavaScript code. These MSC files are designed to mimic the appearance of PDF documents, deceiving users into opening them. Upon execution, the embedded JavaScript code facilitates the download and execution of a backdoor payload.