A Crimean “manifesto” hides an attack that infects victims with a VBA Rat, which we also found being deployed through a separate exploit. The attackers may have wanted to combine a social engineering technique with a known exploit to maximize their chances of infecting targets. We could not determine who might be behind this attack based on the techniques alone, but a decoy document displayed to victims may give some clues. It contains a statement from a group opposed to Putins policies on the Crimean peninsula.”]