From: FBR service [firstname.lastname@example.org]I have seen another version of this where the download location is negociomega.com/ticket/fsb.html. Clicking on the link downloads a file ticket8724_pdf.zip which in turn contains a malicious executable ticket8724_pdf.exe.
Date: 22 December 2014 at 18:29
Subject: Tiket alert
Look at the link file for more information.
Assistant Vice President, FBR service
This has a VirusTotal detection rate of 2/54. Between that VirusTotal analysis and the Anubis analysis we can see that the malware attempts to phone home to:
188.8.131.52 is Excell Media Pvt Ltd, India.