Ok, I'm missing multi-extension ones to trick users (known file extensions are off by default on Windows) (like
jpg.exe), .exe and all highly suspicious .js / .jse / .vbe (all most likely in an archive (.zip / .7z,... to evade AV detection)) and now maybe .jpg with Steganography attack technique.
No idea if .jar (like #Adwind RAT) is also spread by malspam? Most likely yes and targeted.
These are just guesses, based on uploads to HybridAnalysis, most of them have the subject "invoice" or the equivalent language name. I don't receive big amounts of spam thanks god, and next to never with suspicious attachments.
Anyway, thanks for the nice share
@JM Security!