Date: Mon, 04 Aug 2014 20:29:43 +0900 [07:29:43 EDT]
From: Accounts Dept [email@example.com]
Subject: Invoice 2014080420 dynamoo
This email contains an invoice file for June 2014 - July 2014. Please pay invoice in full in 3 business days and reply to us.
There is an attachment INV_2014080420.zip containing a folder invoice_june2014-july2014.xls, which in turn contains a malicious executable invoice_june2014-july2014.xls.scr, which has a VirusTotal detection rate of 6/52. Automated analysis tools are inconclusive about what it does.
The first part downloads a copy of Cridex from 220.127.116.11:8080/ord/1.exe which currently has a VT detection rate of 9/54. Blocking 18.104.22.168 may offer some protection.
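The attachment layout described above (a folder named like a spreadsheet holding a `.xls.scr` file) can be flagged at a mail gateway before anyone opens it. This is an added example, not code from the original post; the extension lists, function names and the harmless sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists: extensions Windows will run vs. ones users read as documents.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".txt", ".jpg"}


def suspicious_members(zip_bytes):
    """Return (member_name, reason) pairs for deceptive entries in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            suffixes = [s.lower() for s in path.suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            # name.xls.scr: a document extension hides the real one
            if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
                findings.append((info.filename, "double extension"))
            # a folder called name.xls holding the executable
            elif any(PurePosixPath(part).suffix.lower() in DOCUMENT_EXTS
                     for part in path.parts[:-1]):
                findings.append((info.filename, "executable in document-named folder"))
            else:
                findings.append((info.filename, "executable in archive"))
    return findings


def build_sample_zip():
    """Constructed sample: same layout as the attachment, harmless content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(
            "invoice_june2014-july2014.xls/invoice_june2014-july2014.xls.scr",
            b"placeholder bytes, not an executable")
        archive.writestr("readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_zip()):
        print(f"{reason}: {name}")
```

The check reads only the archive's member names, so nothing is extracted or executed.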