From: firstname.lastname@example.org [mailto:email@example.com]Attached is a file Bank payment 100615.pdf [VT 2/57] which appears to drop a Word document with a malicious macro. Although there are probably several versions of this attachment, according to the Hybrid Analysis report it downloads a component from:
Sent: Monday, June 08, 2015 10:10 AM
Subject: Bank payment
Please find attached a bank payment for £3083.10 dated 10th June 2015 to pay invoice 1757. With thanks.
This is saved as %TEMP%\biksampc.exe and has a VirusTotal detection rate of 5/57. Automated analysis tools    indicate network traffic to the following IPs:
18.104.22.168 (Digital Ocean, Netherlands)
22.214.171.124 (Selectel, Russia)
126.96.36.199 (Global Telecommunications Ltd, Russia)
188.8.131.52 (Internet Thailand Company Limited, Thailand)
184.108.40.206 (RuWeb, Russia)
The Malwr report indicates that it drops a Dridex DLL with a detection rate of 4/57.