What's interesting to note is that it injects its code into MSBuild.exe, RegAsm.exe, and VBC.exe, but if you block these tools from network access, then how will the Hawkeye keylogger connect out?
Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger https://securityintelligence.com/ne...ation-editor-to-distribute-hawkeye-keylogger/