Uncorking Old Wine: Zero-Day from 2017 + Cobalt Strike Loader in Unholy Alliance

ID: 8bf3d4d6-ddaf-57e0-b5c7-398ad18b8869

STIX ID: report--8bf3d4d6-ddaf-57e0-b5c7-398ad18b8869

Feed Name: Deep Instinct Blog

Threat Score: 75/100

Date Published: 2024-04-25

Date Updated: 2026-04-27

Author: Ivan Kosarev


- Deep Instinct Threat Lab identified a suspected targeted operation against Ukraine. The delivery vector is a malicious PPSX exploiting CVE-2017-8570, which fetches an obfuscated JSE that drops a payload disguised as Cisco AnyConnect (vpn.sessings). That file is a custom DLL loader that unpacks and self-injects a cracked Cobalt Strike Beacon, implements anti-analysis techniques (CPUID VM checks, NtDelayExecution, attempted ntdll unhooking), achieves persistence via registry keys, and communicates with the C2 domains weavesilk.space and petapixel.fun. IOCs and MITRE ATT&CK mappings are provided.