Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

From blog.malwarebytes.com


On December 7, 2020, we identified a malicious document uploaded to VirusTotal that purported to be a meeting request, likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the document compilation time of 27 Jan 2020, indicating that this attack took place almost a year ago.

The file contains an embedded macro that uses a VBA self-decoding technique to decode itself within the memory space of Microsoft Office without writing anything to disk. It then injects a variant of RokRat into Notepad.
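Because the macro decodes its payload in memory, file-based signatures on the dropped payload never fire; the detection opportunity is in the VBA source itself. The following is an added example, not Malwarebytes' code and not indicators extracted from the document in the post: a small heuristic scorer that flags VBA source containing the combination of (a) `Declare` statements importing memory/process APIs from kernel32 or ntdll, (b) a byte-decoding loop (Chr/Xor/StrReverse inside a For loop), (c) a reference to notepad.exe as a host process, and (d) an auto-executing entry point. The rule set and thresholds are assumptions chosen for illustration, and both VBA samples are constructed.

```python
import re
from dataclasses import dataclass, field

# Assumed heuristic rules: generic indicators of decode-in-memory-and-inject
# macros, not IoCs from the Malwarebytes write-up.
API_DECLARE_RE = re.compile(
    r'^\s*(?:Private\s+|Public\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)\s+'
    r'(\w+)\s+Lib\s+"(kernel32|ntdll)"',
    re.IGNORECASE | re.MULTILINE,
)
# Win32/NT APIs commonly declared by macros that write into another process.
INJECTION_APIS = {
    "virtualalloc", "virtualallocex", "writeprocessmemory", "createremotethread",
    "createprocessa", "createprocessw", "rtlmovememory", "openprocess",
    "ntwritevirtualmemory",
}
DECODE_RE = re.compile(r'\b(Chr\w?\s*\(|Xor\b|StrReverse\s*\(|Mid\w?\s*\()', re.IGNORECASE)
LOOP_RE = re.compile(r'\bFor\b.*\bTo\b', re.IGNORECASE)
TARGET_RE = re.compile(r'notepad(?:\.exe)?', re.IGNORECASE)
AUTORUN_RE = re.compile(r'\b(AutoOpen|Document_Open|Workbook_Open|AutoExec)\b', re.IGNORECASE)


@dataclass
class Verdict:
    score: int = 0
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Assumed threshold: API imports alone (3) are not enough; they must be
        # paired with at least one more indicator.
        return self.score >= 4


def assess_vba(source: str) -> Verdict:
    """Score extracted VBA source text for self-decode-and-inject behaviour."""
    v = Verdict()
    declared = {m.group(1).lower() for m in API_DECLARE_RE.finditer(source)}
    hits = sorted(declared & INJECTION_APIS)
    if hits:
        v.score += 3
        v.findings.append("process-injection API declarations: " + ", ".join(hits))
    if DECODE_RE.search(source) and LOOP_RE.search(source):
        v.score += 2
        v.findings.append("byte-decoding loop (Chr/Xor/StrReverse inside For loop)")
    if TARGET_RE.search(source):
        v.score += 1
        v.findings.append("references notepad.exe as a host process")
    if AUTORUN_RE.search(source):
        v.score += 1
        v.findings.append("auto-executing entry point")
    return v


# Constructed sample resembling a decode-in-memory macro (not the real document).
CONSTRUCTED_SUSPICIOUS = r'''
Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal lpAddr As LongPtr, ByVal dwSize As Long, ByVal flType As Long, ByVal flProtect As Long) As LongPtr
Private Declare PtrSafe Function WriteProcessMemory Lib "kernel32" (ByVal hProc As LongPtr, ByVal lpBase As LongPtr, lpBuf As Any, ByVal nSize As Long, lpWritten As LongPtr) As Long

Sub Document_Open()
    Dim buf() As Byte, i As Long
    For i = 0 To UBound(enc)
        buf(i) = enc(i) Xor 57
    Next i
    hostPath = "C:\Windows\System32\notepad.exe"
End Sub
'''

# Constructed benign sample: ordinary spreadsheet formatting macro.
CONSTRUCTED_BENIGN = r'''
Sub FormatReport()
    Dim ws As Worksheet
    Set ws = ActiveSheet
    ws.Range("A1").Font.Bold = True
End Sub
'''

if __name__ == "__main__":
    for name, src in (("suspicious", CONSTRUCTED_SUSPICIOUS), ("benign", CONSTRUCTED_BENIGN)):
        verdict = assess_vba(src)
        print(f"{name}: score={verdict.score} suspicious={verdict.suspicious}")
        for f in verdict.findings:
            print("  -", f)
```

In practice the `source` argument would be the module text pulled out of the OLE/OOXML container (for example with a VBA extractor such as olevba); the scorer is deliberately independent of any one extractor so it can run over an existing macro corpus or a retrohunt feed.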
