The Sandworm malware is not a worm at all, but it travels in a Powerpoint file that refers to an INF file. The malware uses a vulnerability in Windows known as CVE-2014-4114, patched in Microsofts October 2014 Patch Tuesday. Sandworm attacks are said to have been used in [a] Russian cyber-espionage campaign targeting NATO, European Union, Telecommunications and Energy sectors The attack relies on a zero-day exploit, because the vulnerability was first exploited before a patch was available.”]
Source: https://nakedsecurity.sophos.com/2014/10/15/the-sandworm-malware-what-you-need-to-know/