Here is another sample that I found in my spam trap. The technique to infect the victim’s computer is interesting. I captured a mail with a malicious RTF document (SHA256: c247929d3f5c82247db9102d2dec28c27f73dc0824f8b386f92aad1a22fd8edd)[1] that exploits the OLE2Link vulnerability (CVE-2017-0199[2]). Once opened, the document fetches the following URL:
Article Link: https://isc.sans.edu/diary/rss/23016