Spear-phishing via targeted email attacks
Use of malicious macros in Adobe Reader and Microsoft Office documents
Deployment of custom Remote Access Trojans (RATs) such as 3PARA and 4H RAT
Utilization of MSUpdater and pngdowner for persistence and payload delivery
C2 communication via HTTP/S