sample: https://bazaar.abuse.ch/sample/fc9dd8a525e209d698272c1758b17ba02787d090052396d5871eea5aa7b03a9a/

Source

https://twitter.com/Arkbird_SOLG/status/1408199148294348801

Already seen it in the past (since 2013), the last time against Bayer for the COVID event; it focuses mostly on Chinese structures. Sometimes, the attacker just removes and changes the content and payload to make a new payload.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/911796ef-5127-4522-877c-b3a517312114/Untitled.png