Attacks commence with the delivery of fraudulent business- or finance-related documents, which when executed open the default app for Word documents while establishing a mutex and altering registry entries to ensure persistence.
Article Link: China subjected to new ValleyRAT malware attack campaign | SC Media