From Frederico Kessler [Frederico.Kessler@Gamesys.co.uk]
Date Thu, 08 Oct 2015 04:14:23 -0700
Subject Deposit Payment
Attached is receipt of transfer regarding the deposit increase for our new contract
to the Cherry Tree Cottage.
Let me know if its all sorted.
Product Owner | Games Platform
4th Floor, 10 Piccadilly
London, W1J 0DD
Attached is a malicious Excel document named Payments Deposit.xls which comes in five different versions (so far)      each containing a slightly modifed macro [example] which downloads a malicious executable from the following locations:
These download locations have been in use for a couple of other spam runs   but now the payload has been altered and has a VirusTotal detection rate of 3/56. That VirtusTotal report and this Hybrid Analysis report show traffic to:
22.214.171.124 (Rackspace, US)
I recommend that you block traffic to that IP.