The zip attachment in the message contains a doc file. If opened, it contacts a link from an internal list and downloads a DLL from Epoch botnets 1 and 3, which initiates the malware infection.
Opening the link in the email downloads a doc file that contacts a URL from an internal list and downloads the DLL, which starts the malware infection.
The email contains a link that downloads a .doc attachment. This contacts a random URL from an internal list of 9 and downloads a DLL, which starts the malware infection.
Juniper Threat Labs cybersecurity experts: the malware uses GitHub and Pastebin for housing component code and has at least 12 different attack modules available.
New messages carry a compressed attachment that contains a .doc file. If opened, it contacts a link from an internal list that downloads the malware from the Epoch 2 botnet.