EMAIL. DESCRIPTION: Malicious spam (malspam) with link that downloaded a malcious Microsoft Word document (Hancitor). The Hancitor malware document is designed to download and infect Windows hosts with Pony, DELoader (ZLoader), and something else.
TRAFFIC. Shown above: Traffic from the infection today (Thursday 2017-02-23) filtered in Wireshark.
Article Link: http://www.malware-traffic-analysis.net/2017/02/23/index2.html