Researchers have learned that the recently patched Office zero day was used to target victims in Russia with FINSPY spyware. Researchers won t say definitively who the victims are, but it s likely that the exploit was obtained from the same source. The same zero-day has been leveraged in financially motivated cybercrime operations to infect computers with credential-stealing LATENTBOT malware. Researchers say the same document was sent in the attacks downloads the payload and a decoy document from 95[.]141[.]38[.]110.
Source: https://threatpost.com/office-zero-day-delivering-finspy-spyware-to-victims-in-russia/124939/