From: Avril Sparrowhawk [Avril.Sparrowhawk@lescaves.co.uk]
Date: 22 December 2015 at 11:14
Subject: CWIH8974 PAYMENT RECEIVED

Attached is a malicious document, CWIH8974.doc, of which I have seen just a single sample, with a VirusTotal detection rate of 2/54. There may be other variations of the document, but in this case it downloads a malicious binary from:
This has a VirusTotal detection rate of 2/53 and is the same payload as found in this earlier spam run, leading to the Dridex banking trojan.