Maldocs are still a good way to get a foothold, while AV products (especially Windows Defender) have become very good at detecting most documents, the advances made by CactusTorch and research by Walmart Security Labs and incorporated into EvilClippy have kept the game going.
https://www.youtube.com/watch?v=YK6ZEIlfjMA
It is proven! I am digisho on Keybase: https://keybase.io/digisho/sigchain#1e938126346bb9c1f649e1373639a87c36a60bd38f6ff4e74b176a2ab8f2bb3d0f
Injecting TCL code into requests for F5 RCE using iRules https://www.youtube.com/watch?v=2f15ZOIU7ks