The FBI Created a Fake FedEx Website to Unmask a Cybercriminal [...] as well as deployed booby-trapped Word documents to reveal fraudsters' IP addresses November 26, 2018 https://motherboard.vice.com/en_us/...-fake-fedex-website-to-unmask-a-cybercriminal
Yep, these NITs are not that tough if you are careful. Another blunder was to open a Microsoft Document and remove protected mode. Really. At a minimum, the Microsoft Document should have been moved to an air-gapped machine if you couldn't resist the urge to look under the hood. You could have then moved it back with it re-closed. Such basic things. I am staring at an air-gapped machine for just such an occasion.
Yeah. But even an "air-gap" LiveCD VM with no VDI storage or network interfaces is usually good enough.