National CSIRT-CY would like to inform the general public about a new Phishing campaign which sends emails containing a WORD document file where it pretends to be a scanned document by XEROX Color Multifunction machine.
The sender’s e-mail is: firstname.lastname@example.org with an IP address 184.108.40.206.
If you have received the following email, please DO NOT open the attached file because it contains malicious code. If the attached file has been opened, please contact us as soon as possible.
Malicious file Analysis
1. File Details
Type: Rich Text Format data, version 1, unknown character set
File Name: Declaration_Report.doc
Size: 2043 bytes
2. Behavior Activities
3. Behavior Graph
4. Network Activity