Hidden Bee miner delivered via improved drive-by download toolkit

A drive-by download attack is trying to exploit CVE-2018-4878, a vulnerability in Flash Player. The payload served in this campaign is not a standard PE file. Instead, it is a multiple-stage custom executable format acting as a downloader to retrieve LUA scripts used by the threat actors behind the Hidden Bee miner botnet. This was perhaps the first case of a bootkit being used to enslave machines to mine cryptocurrencies. The attackers are leveraging malvertising via adult sites to redirect their victims to the exploit kit landing page.

Source: https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/
