APT28 sent out a document disguising itself as a flyer relating to the Cyber Conflict U.S. conference. The document contains a VBA macro that executes a new variant of Seduploader. This article analyzes the document and the reconnaissance malware inside.