The “Moxa” APT group (APT-C-09), also known as HangOver, VICEROY TIGER, The Dropping Elephant, and Patchwork, is an overseas APT organization from South Asia that has been active for more than 8 years. Samples from the organization's recent targeted attacks against neighboring countries and regions have been captured. Among the captured samples, the group used a variety of methods: a document exploiting CVE-2017-0261, disguised as a network security protocol of a country in South Asia; a macro-based sample disguised as an outbreak prevention guide; and executable files disguised as the Java runtime environment, posted on a securities trading website in Pakistan. The group combined such malicious samples with current-affairs hot topics to launch multiple attacks on neighboring countries and regions.
The sample is an EPS exploit file. Once the victim clicks enable on the sample, the EPS script filter fltldr.exe renders the malicious EPS script, which executes the malicious code.
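A defensive triage check for the delivery format described above, added here as an example and not taken from the original report: it lists EPS parts inside an Office document so they can be reviewed or stripped before fltldr.exe renders them. It assumes the lure is an OOXML (zip) container, which the report does not state; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

# Header magics: ASCII PostScript/EPS ("%!PS...") and the DOS EPS binary
# header (C5 D0 D3 C6) that wraps PostScript together with a preview image.
EPS_TEXT_MAGIC = b"%!PS"
EPS_BINARY_MAGIC = b"\xc5\xd0\xd3\xc6"


def looks_like_eps(head: bytes) -> bool:
    """True if the first bytes of a part carry a PostScript/EPS header."""
    text = head.lstrip(b"\xef\xbb\xbf\r\n\t ")  # tolerate BOM / leading whitespace
    return text.startswith(EPS_TEXT_MAGIC) or head.startswith(EPS_BINARY_MAGIC)


def find_embedded_eps(doc_bytes: bytes) -> list[str]:
    """Return the names of parts in an OOXML container that hold EPS data."""
    if not zipfile.is_zipfile(io.BytesIO(doc_bytes)):
        return []  # assumption: only zip-based documents are in scope here
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as part:
                if looks_like_eps(part.read(64)):
                    hits.append(info.filename)
    return sorted(hits)


def build_sample(parts: dict[str, bytes]) -> bytes:
    """Build a constructed, harmless zip container for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed inputs: benign EPS headers only, no exploit content.
SAMPLE_WITH_EPS = build_sample({
    "word/document.xml": b"<w:document/>",
    "word/media/image1.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n",
    "word/media/image2.eps": EPS_BINARY_MAGIC + b"\x00" * 26,
    "word/media/image3.png": b"\x89PNG\r\n\x1a\n",
})
SAMPLE_CLEAN = build_sample({"word/document.xml": b"<w:document/>"})

if __name__ == "__main__":
    print(find_embedded_eps(SAMPLE_WITH_EPS))
    print(find_embedded_eps(SAMPLE_CLEAN))
```

A hit is not proof of exploitation, since legitimate documents can embed EPS graphics; it marks the document for closer inspection.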