From: firstname.lastname@example.orgAttached are one of two Word documents, both with the name 224245.doc but with slightly different macros. Neither are currently detected by any AV vendors  . Inside the DOC is one of two malicious macros   [pastebin] which then downloads an executable from one of the following locations:
Date: 8 December 2014 at 10:57
Subject: INVOICE 224245 from Power EC Ltd
Please find attached INVOICE number 224245 from Power EC Ltd
This file is then saves as %TEMP%\CWRSNUYCXKL.exe and currently has zero detections at VirusTotal. The ThreatExpert report shows that it connects to:
126.96.36.199 (Ministry of Education, Thailand)
188.8.131.52 (1&1 Internet, US)
According to the Malwr report this executable drops a DLL with a slightly better detection rate of 5/53.
UPDATE 2014-12-09:A further couple of variants are being spammed out, both with low detections by VirusTotal   and containing one of two malicious macros   [pastebin] which down,loads from the following locations:
This is then saved as %TEMP%\YVXBZJRGJYE.exe and is presently undetected by vendors. The Malwr report and ThreatExpert report vary slightly, but both show traffic to the same IPs are before. The Malwr report also indicates that a DLL is dropped with a detection rate of 4/52 which is identified as the Dridex trojan.