On March 17, 2019, the 360 ​​Threat Intelligence Center intercepted a sample of targeted attacks targeting the Middle East using the suspected “Golden Rat” APT organization (APT-C-27) using the WinRAR vulnerability (CVE-2018-20250[6]). The malicious ACE compression package contains an Office Word document that uses a terrorist attack as a bait to induce the victim to decompress the file. When the victim unpacks the file on the local computer through WinRAR, the vulnerability is triggered. After the exploit is successful, the vulnerability will be built in.