KingKong.dll - Recent PoisonIvy and PlugX variants targeting South East Asia

released on 2017-08-07 @ 03:41:59 PM
(Description updated in 2018) The Vietnamese government published a brief analysis of spearphishes it had encountered in 2017, such as APEC-SMEWG Strategic Plan 2017-2020.doc. This pulse includes indicators from this analysis, and indicators from other campaigns that employ related malware. The attackers deliver malware through topically titled spearphishes, for example Energy_Data_Meeting_fall_2016. Many documents call out to tetrasecured[.]com/word/webstat/image.php?id= (sinkholed by AlienVault) to track when they are opened. This domain also hosts pages that phish credentials for popular online mail providers such as Gmail and Yahoo. It is likely these spearphishes are generated via a builder, so attribution to an exact group of attackers may be incorrect. Recent variants drop distinctively named malware such as KingKong.dll.
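A defender-side check, added here as an example and not part of the pulse: scan web proxy logs for the document-open beacon and any other request to the sinkholed domain, pulling out the id parameter so each hit can be tied back to a specific lure document and client. The log format, client addresses and id values are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Beacon from the pulse; the defanged domain is re-armed here purely for matching.
BEACON_HOST = "tetrasecured.com"
BEACON_PATH = "/word/webstat/image.php"

# Constructed sample proxy log (hypothetical format: timestamp client method url status).
SAMPLE_LOG = """\
2017-08-07T10:01:12Z 10.0.0.15 GET http://tetrasecured.com/word/webstat/image.php?id=APEC2017 200
2017-08-07T10:01:13Z 10.0.0.15 GET http://update.example.net/office/check 200
2017-08-07T10:04:55Z 10.0.0.23 GET http://tetrasecured.com/word/webstat/image.php?id=energy16 200
2017-08-07T10:05:01Z 10.0.0.23 GET https://tetrasecured.com/login/mail 200
2017-08-07T10:07:30Z 10.0.0.31 GET http://cdn.example.org/image.php?id=123 200
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$")


def classify(url):
    """'beacon' for the tracking URL, 'domain-hit' for any other request to the
    sinkholed domain (e.g. its credential-phishing pages), None otherwise."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != BEACON_HOST and not host.endswith("." + BEACON_HOST):
        return None
    return "beacon" if parts.path == BEACON_PATH else "domain-hit"


def scan_log(text):
    """Return one dict per suspicious request: time, client, kind and the lure id."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        kind = classify(m["url"])
        if kind is None:
            continue
        # The id parameter identifies which lure document phoned home.
        doc_id = parse_qs(urlsplit(m["url"]).query).get("id", [None])[0]
        hits.append({"ts": m["ts"], "client": m["client"], "kind": kind, "id": doc_id})
    return hits
```

Because the domain is sinkholed, a beacon hit in your own proxy logs does not mean the lure reached its operators, but it does mean a user on that client opened the document.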