Troj_Mdropper.BH exploits a known and patched vulnerability in Office, MS06-012. Trojan confounded researchers around the industry yesterday because it didn’t display the same behaviors of other malware that goes after the remote-code execution vulnerabilities in Office. Researchers initially thought it could be targeting a new, unknown vulnerability in Microsoft software. Trojan’s shell code doesn’t “manifest” the same behavior as other exploits that target the vulnerability, Trend Micro said in its update.”]
Source: https://www.darkreading.com/analytics/powerpoint-trojan-not-zero-day