nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter

https://twitter.com/nao_sec/status/1530196847679401984

https://x.com/home/status/1530844804061573120

https://x.com/home/status/1530877564859912193

https://x.com/home/status/1530883379008356358

https://x.com/home/status/1530886933794136073

https://x.com/home/status/1530899491917807622

https://x.com/home/status/1530900957298675712

https://x.com/home/status/1530902736706883585

https://x.com/home/status/1530906021547450368

https://x.com/home/status/1530910371694903298

https://x.com/home/status/1530944708855349248

https://x.com/home/status/1530951893601685510

https://x.com/home/status/1530956744888836102

https://x.com/home/status/1530963448183537666

https://x.com/home/status/1530970183422164993

https://x.com/home/status/1530974352660897793

https://x.com/home/status/1530975755152375814

https://x.com/home/status/1530976173982994433

https://x.com/home/status/1530978570486562818

https://x.com/home/status/1530979430033678336

https://x.com/home/status/1530988561457192960

https://x.com/home/status/1530997353423020032

https://x.com/home/status/1530999835750457345

https://x.com/home/status/1531000015799431170

https://x.com/home/status/1531000545687015424

https://x.com/home/status/1531001683852988416

https://x.com/home/status/1531001993988390912

https://x.com/home/status/1531002957285687300

https://x.com/home/status/1531003476301561857

https://x.com/home/status/1531003598624018432

https://x.com/home/status/1531015782687289346

https://x.com/home/status/1531021231490625536

https://x.com/home/status/1531022142304833538

https://x.com/home/status/1531028753891086342

https://x.com/home/status/1531029422966448128

https://x.com/home/status/1531031722208403456

https://x.com/home/status/1531033901229133825

https://x.com/home/status/1531047207431987200