From: Laurena Washabaugh [firstname.lastname@example.org]
Date: 29 January 2016 at 10:10
Subject: Quick Question
Signed by: rambler.ru
What's going on?
I was visting your website on 1/29/2016 and I'm very interested.
I'm currently looking for work either full time or as a intern to get experience in the field.
Please review my CV and let me know what you think.
The attachment is named Resume.rtf, but is it actually a DOCX file with a malicious macro [pastebin], the document has a VirusTotal detection rate of 9/54. I haven't had time to do a detailed analysis, but these automated analyses    show it phoning home to:
18.104.22.168 (Quasi Networks, Seychelles)
I recommend that you block traffic to that IP. I'm not sure about what this drops, possibly ransomware. No doubt someone reading this will :)