Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims. The technique was spotted in recent spear-phishing campaigns from threat group APT28 (Fancy Bear, Sofacy, Strontium, Sednit) to infect target systems with a variant of the toolset. Researchers at Intezer discovered at the end of November a VHD uploaded to the Virus Total scanning platform from Azerbaijan. Inside the image were a PDF file and an executable posing as a Microsoft Word document.
Source: https://www.bleepingcomputer.com/news/security/russian-hackers-hide-zebrocy-malware-in-virtual-disk-images/