Cado Security Labs have identified a malware campaign targeting the Royal Thai Police. The campaign uses seemingly legitimate documents with FBI content to deliver a shortcut file that eventually results in Yokai backdoor being executed and persisting on the victim system. The activity observed in this campaign is consistent with the Chinese APT group Mustang Panda.