As part of a “unusual” campaign, an unidentified threat actor exploited a nowpatched zeroday flaw in Internet Explorer to deliver a fullyfeatured VBAbased remote access trojan (RAT) capable of accessing files stored on compromised Windows systems, as well as downloading and executing malicious payloads.
The backdoor is deployed through a fake document called “Manifest.docx” that loads the vulnerability’s exploit code from an embedded template, which then executes shellcode to deploy the RAT.