Malicious macro-enabled Microsoft Office document downloaded from same malicious server located in Panama and Dropbox cloud. Malicious part of the document is located at 0x00000f14 offset, has 18,944 bytes in size and has the name vbaProject.bin. When it is extracted from the main.docm file, it has two different urls downloading two different pieces of malware. The content of the. document is in Spanish; however, the language used to edit the document was Turksih. It was compiled on a machine where a so-called ilyasOzdogan was the author.”]
Source: https://securelist.com/big-box-latam-hack-3rd-part-infection-by-office-files/58242/