A threat actor has begun to utilize WIM (Windows Imaging Format) attachments to distribute the Agent Tesla remote access trojan. WIM files are a file-based disk image format that Microsoft developed to aid in deploying Windows Vista and later operating systems. Windows has no built-in mechanism to open a WIM file in Windows, which is not supported by Windows built in ability to mount disk image files. Unusual attachments are a double-edged sword that may work against them as they will not be opened by most devices that do not have specialized programs.
Source: https://www.bleepingcomputer.com/news/security/phishing-attacks-unusual-file-attachment-is-a-double-edged-sword/