The APT group was spotted sending spear-phishing emails that purport to detail information about coronavirus but they actually infect victims with a custom RAT. Once opened, a custom and unique remote-access trojan (RAT) is executed that takes screenshots of the device, develops a list of files and directories, downloads files and more. The emails allege to be from the Mongolian Ministry of Foreign Affairs, and claim to inform victims about the prevalence of new virus infections.
Source: https://threatpost.com/coronavirus-apt-attack-malware/153697/