An early version of the exploit with normal file access permissions:
The new c69978405ecbb4c5691325ccda6bc1c0 with no user read permissions:
This modification to file permissions does appear to offer lower detection rates when comparing to another recent version of a similar exploit.
VT Detection rate of 23/56 for the version with read access:
And VT results of only 13/56 for the version with no read access to the exploit. Most of the major AV engines do not detect the exploit:
Our Cryptam document malware analysis engine has been updated to make any docx/ppsx/pptx/xlsx embedded files readable during processing as well.