APT-C-35: New Windows Framework Revealed
For initial infection, the DoNot Team uses spear-phishing emails containing malicious attachments. To load the next stage, they leverage Microsoft Office macros and RTF files that exploit an Equation Editor vulnerability and remote template injection.
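A defender-side triage sketch for the RTF part of this chain, added here as an example and not taken from the original report: it flags an RTF attachment whose `\*\template` destination points to a remote location or that embeds an Equation Editor OLE object. The function names and both sample documents are constructed for illustration, and heavily obfuscated RTF will need a full parser rather than these regular expressions.

```python
import re

# {\*\template <target>} names the template Word attaches when the file is opened.
TEMPLATE_RE = re.compile(rb"\{\\\*\\template\s+([^{}]+)\}")
# Remote targets: http(s) URLs, or a UNC path (RTF escapes each backslash, so \\host is 4 bytes).
REMOTE_RE = re.compile(rb"^(?:https?:|\\\\\\\\)", re.I)
OBJCLASS_RE = re.compile(rb"\\objclass\s+([^\\{}\s]+)", re.I)
OBJDATA_RE = re.compile(rb"\\objdata\b([^{}]*)")


def _decode_objdata(blob):
    """Best-effort decode of hex-encoded \\objdata; whitespace between digits is dropped."""
    hexchars = re.sub(rb"[^0-9A-Fa-f]", b"", blob)
    return bytes.fromhex(hexchars[: len(hexchars) // 2 * 2].decode("ascii"))


def triage_rtf(data):
    """Return a list of findings for one attachment (empty list = nothing flagged)."""
    findings = []
    if not data.lstrip().startswith(b"{\\rt"):  # loose header check: not RTF, skip
        return findings
    for m in TEMPLATE_RE.finditer(data):
        target = m.group(1).strip()
        if REMOTE_RE.match(target):
            findings.append("remote-template:" + target.decode("latin-1"))
    # The class name can appear in \objclass or only inside the embedded OLE header.
    classes = [m.group(1).lower() for m in OBJCLASS_RE.finditer(data)]
    embedded = b"".join(_decode_objdata(m.group(1))
                        for m in OBJDATA_RE.finditer(data)).lower()
    if any(c.startswith(b"equation.") for c in classes) or b"equation." in embedded:
        findings.append("equation-editor-object")
    return findings


# Constructed samples (not real indicators): one suspicious, one benign.
SAMPLE_SUSPICIOUS = (
    rb"{\rtf1\ansi{\*\template http://example.invalid/t.dotm}"
    rb"{\object\objemb{\*\objdata " + b"Equation.3".hex().encode() + rb"}}}"
)
SAMPLE_CLEAN = rb"{\rtf1\ansi{\*\template C:\\Templates\\memo.dotx}Hello}"

if __name__ == "__main__":
    for name, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(name, triage_rtf(doc))
```

A hit on either finding is a reason to quarantine the attachment for analysis, not proof of compromise; legitimate documents can embed equation objects.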