Nation-state attacks have a habit of popping up as criminal activity. Watch out for this one…:
[…] The malicious document uses command prompt (cmd.exe) to execute a batch script, which then adds a key to the registry for persistence. Simultaneously, a PowerShell script is executed and uses rundll.32 (a Windows tool that runs program code in DLL files as if they were within the actual program; many viruses also use this name or similar ones) to execute the ForeLord malware. ForeLord is so named because once the malware connects to the command and control (C2) servers, it receives a string of code that says “lordlordlordlord,” indicating that its messages have been received by the C2.