Looks like the attack that was found in the wild has several components:
- A social engineering component, in which an Office document that interests the target is delivered to them: it could be downloaded from a webpage, emailed, or delivered on a USB thumb drive.
- The victim opens the document, and it auto-starts Adobe Flash content, which in this case downloads a malicious payload.
- Note that the malicious payload is encrypted to avoid boundary detection, and the Flash code downloads the keys in addition to the payload.
- The malicious content is decrypted and then run.
The details of the exploit are here:
https://www.bleepingcomputer.com/news/security/adobe-patches-flash-zero-day/
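For triaging Office files for the auto-starting Flash content described above, here is an added example (not code from the original post or from Adobe). It assumes the content is embedded as the Shockwave Flash ActiveX control, whose CLSID is a well-known value that this page does not give; the function names and the sample file are constructed for illustration.

```python
import io
import re
import uuid
import zipfile

# CLSID of the Shockwave Flash ActiveX control (well-known value, not from this page).
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
TEXT_RE = re.compile(str(FLASH_CLSID).encode(), re.IGNORECASE)  # XML attribute form
BINARY = FLASH_CLSID.bytes_le  # byte layout used in OLE2 storages and .bin parts


def has_flash(blob: bytes) -> bool:
    """True if the blob references the Flash control in text or binary form."""
    return bool(TEXT_RE.search(blob)) or BINARY in blob


def find_flash_embeds(data: bytes) -> list[str]:
    """Return where in an Office file the Flash control is referenced.

    OOXML files (.docx/.xlsx/.pptx) are ZIP archives, so every part is checked
    and the matching part names are returned. Anything else (legacy .doc/.xls)
    is scanned as raw bytes and reported as "<raw>".
    """
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if has_flash(zf.read(i))]
    return ["<raw>"] if has_flash(data) else []


def make_sample(with_flash: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like an .xlsx, not a real workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_flash:
            zf.writestr(
                "xl/activeX/activeX1.xml",
                '<ax:ocx ax:classid="{D27CDB6E-AE6D-11cf-96B8-444553540000}"/>',
            )
    return buf.getvalue()


if __name__ == "__main__":
    for label in (False, True):
        print("flash embedded" if label else "clean", find_flash_embeds(make_sample(label)))
```

A hit means the file deserves a closer look before it reaches a user, not that it is malicious; some legitimate documents embed Flash.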
I would highly recommend pushing the Adobe Flash patch as soon as practical (ASAP). Download the latest version (which is 30.0.0.113 as of today) from the Adobe website at:
https://get.adobe.com/flashplayer/
Or, better yet, uninstall it altogether if you don’t have an active need for it.
https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html