Figure 1: Samples exploiting ZDI-CAN-25373 by APTs - ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns ================================================ Earth Iktomi (Side Copy) - 1 Fire Tengu (Ember Bear) - 1 Earth Vetala (MuddyWater) - 1 Earth Gelert (Patchwork, Dropping Elephant) - 1 Earth Chalkydri (APT35) - 1 Earth Tengshe (APT10) - 1 Earth Dahu (Gamaredon) - 1 Earth Balayang - 1 Water Cetus - 2 Void Imugi (Lazarus, APT38) - 2 Water Glashtyn (EvilNum) - 3 Earth Kapre (Red Curl, Red Wolf) - 4 Earth Preta (Mustang Panda) - 4 Earth Akurra (SideWinder, T-APT-04, APT-C-17, RattleSnake) - 4 Earth Lusca (RedHotel, TAG-22) - 4 Water Poukai (UTG-Q-010) - 9 Earth Manticore (APT37) - 11 Earth Anansi (Bitter) - 16 Earth Imp (Konni) - 17 Earth Kumiho (Kimsuky, APT43) - 24 Water Asena (Evil Corp) - 86