Figure 1: Samples exploiting ZDI-CAN-25373 by APTs - ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

================================================

Earth Iktomi (Side Copy) - 1
Fire Tengu (Ember Bear) - 1
Earth Vetala (MuddyWater) - 1
Earth Gelert (Patchwork, Dropping Elephant)  - 1
Earth Chalkydri (APT35) - 1
Earth Tengshe (APT10) - 1
Earth Dahu (Gamaredon) - 1
Earth Balayang - 1
Water Cetus - 2
Void Imugi (Lazarus, APT38) - 2
Water Glashtyn (EvilNum) - 3
Earth Kapre (Red Curl, Red Wolf) - 4
Earth Preta (Mustang Panda) - 4
Earth Akurra (SideWinder, T-APT-04, APT-C-17, RattleSnake) - 4
Earth Lusca (RedHotel, TAG-22) - 4
Water Poukai (UTG-Q-010) - 9
Earth Manticore (APT37) - 11
Earth Anansi (Bitter) - 16
Earth Imp (Konni) - 17
Earth Kumiho (Kimsuky, APT43) - 24
Water Asena (Evil Corp) - 86