Check Point Research has identified two suspicious documents sent to Mongolian public sector. The documents were written in the Mongolian language, with one of them allegedly from Foreign Affairs: Ministry of Foreign Affairs. These documents were weaponized using version 7.x of a tool named RoyalRoad (aka 8.t) This tool allows the attacker to create customized documents with embedded objects that exploit the Equation Editor vulnerabilities of Microsoft Word. The threat actor operates the C&C server in a limited daily window, going online only for a few hours each day, making it harder to analyze and gain access to advanced parts of the infection chain.”]
Source: https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/

