From: Julie Mckenzie [firstname.lastname@example.org]Attached is a file C Swift Credit Card.doc which comes in at least four different versions, all of which are malicious and all of which have a macro similar to this one [pastebin].
Date: 17 April 2015 at 12:24
Subject: Credit Card Statement
Attached your credit card statement.
Can you return with receipts by Friday 17th April.
Tel +44 (0)1543 473300
These macros download a file from one of the following locations:
This is saved as %TEMP%\grant8i.exe and has a VirusTotal detection rate of 11/54 (identified clearly as a Dridex component). Automated analysis     shows that it attempts to communicate with:
184.108.40.206 (FastVPS, Estonia)
I recommend that you block traffic to that IP address. Furthermore, the Malwr report shows it dropping a malicious DLL with a detection rate of 6/53.