Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia. Researchers believe the rising conflict between Azerbaijan and Armenia is most likely to blame for the new attacks. The attacks use Microsoft Word documents alleged to be from the Azerbaijan government to install PoetRAT in two separate files on victims machines. Researchers also came across other tools, including a keylogger, a browser credential stealer, an open-source framework for privilege escalation (WinPwnage)
Source: https://threatpost.com/poetrat-resurfaces-azerbaijan-conflict/159917/