Hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be used to mount different kinds of attacks, including code-execution and DDoS attacks. The exploit for the particular vulnerability being targeted is a zero-day that was created and published by the group, researchers said. Researchers decoded the string, they discovered commands to download and execute two.AFF files..AFF is a spellcheck dictionary file type used by Kingsoft WPS Office.
Source: https://threatpost.com/darkcrewfriends-returns-botnet/156963/