From: Rhianna Wellings [Rhianna@teckentrupdepot.co.uk]Attached is a malicious Word document called Signature Invoice.doc which comes in two different versions, both of which are undetected by AV vendors  . Each one contains a different macro   [pastebin] which then downloads an additional component from one of these two locations:
Date: 24 December 2014 at 07:54
Subject: Signature Invoice 44281
Your report is attached in DOC format.
To load the report, you will need the Microsoft® Word® reader, available to download at http://www.microsoft.com/
The file is saved into the location %TEMP%\1V2MUY2XWYSFXQ.exe and currently has a VirusTotal detection rate of just 4/56. The ThreatExpert report shows traffic to the following IPs:
220.127.116.11 (1&1 Internet, US)
18.104.22.168 (Strato AG, Germany)
22.214.171.124 (HKBN, Hong Kong)
According to the Malwr report it also drops a malicious DLL with a detection rate of 24/56, detected as the Dridex banking trojan.