When searching for different patterns related to that exploit to identify new samples and attacks it might have been used in, the Kaspersky researchers found a document uploaded to the Virus Total online scanning engine on April 1. That document, written in broken English, seemed to describe a new DWM vulnerability for which the exploitation steps were nearly identical to those for the older CVE-2023-36033 flaw.