The mail contains a file called:invoiceU6GCMXGLL2O0N7QYDZ.doc, which contains an exploit. There’s also a URL in the mail, which leads to the download of the exact same file. The malware creates persistence by injecting into explorer.exe. It calls back to the following domains:.customer.invoice-appmy.org,.dns.com,.my.appmys-ups.org and.my.com Which are probably to fool network administrators.”]
Source: https://bartblaze.blogspot.com/2013/11/latest-ups-spam-runs-include-exploits.html

