VERY IMPORTANT

In mid-January of 2017 Unit 42 researchers became aware of reports of open-source developers receiving malicious emails. Multiple owners of Github repositories received phishing emails. Though there were multiple waves of messages following a similar tactic, each one carried the same malicious .doc file as an attachment (SHA256: 6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e). This file contained embedded macro code that executed a commonly observed PowerShell command to download and execute a file.