From: firstname.lastname@example.org
Date: Wed, 19 Aug 2015 17:47:46 +0700
Subject: SHIPMENT NOTICE

please be informed that on Aug 19, 2015 we sent you the following items:
1 pieces from order 1I5005729
1 pieces from order 1I5005841
To find out all details concerning your orders and shipments open the file here attached
or go to the Order status page of the site.
Safilo UK Ltd.

Attached is a file ship20150817.zip which in turn contains a malicious executable ship20150817.exe which has a detection rate of 4/56. According to these automated analysis tools the malware attempts to phone home to:
.SU (Soviet Union) domains are bad news in general; if you can, I would recommend blocking traffic to all of them. This domain is hosted on the following IPs:
22.214.171.124 (Zenon N.S.P., Russia)
126.96.36.199 (Bashrtcomm LIR, Russia)
188.8.131.52 (Bashrtcomm LIR, Russia)
You might want to consider blocking:
This though is the recommended minimum blocklist:
I am not entirely certain of the payload as the download locations seem to be unreliable.
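One way to put the blocking advice above to defensive use, as an added example that is not part of the original post: the script below scans web-proxy log lines and flags any request to a hostname under .su or to one of the three hosting IPs listed above. The log format (timestamp, client IP, method, URL, destination IP, status) and the log lines themselves are constructed for this example and are not real traffic.

```python
"""Scan web-proxy log lines for the indicators in this post.

Added example, not code from the original post. The log format is an
assumption: one request per line, space-separated fields in the order
  timestamp client_ip method url dest_ip status
"""
import ipaddress
from urllib.parse import urlsplit

# IPs the post lists as hosting the phone-home domain.
HOSTING_IPS = {
    ipaddress.ip_address("22.214.171.124"),
    ipaddress.ip_address("126.96.36.199"),
    ipaddress.ip_address("188.8.131.52"),
}

# Top-level domains the post recommends blocking outright.
BLOCKED_TLDS = ("su",)

# Constructed sample log (not real traffic). 10.0.0.0/8 and
# 203.0.113.0/24 are private / documentation ranges.
SAMPLE_LOG = """\
2015-08-19T11:02:13Z 10.0.0.15 GET http://intranet.example.test/home 10.0.0.2 200
2015-08-19T11:03:41Z 10.0.0.21 GET http://mail-update.example.su/status.php 22.214.171.124 200
2015-08-19T11:03:42Z 10.0.0.21 GET http://www.example.net/file.bin 126.96.36.199 404
2015-08-19T11:04:02Z 10.0.0.33 GET http://static.example.org/app.js 203.0.113.7 200
2015-08-19T11:05:10Z 10.0.0.33 GET http://su.example.org/ 10.0.0.9 200
"""


def host_tld(host):
    """Return the last DNS label of a hostname, lower-cased.

    A trailing dot (absolute name) is stripped first so 'x.su.' still
    yields 'su'.  Only the last label counts, so 'su.example.org' does
    not match and 'example.su.com' does not match either.
    """
    return host.rstrip(".").rsplit(".", 1)[-1].lower()


def match_line(line):
    """Return the list of reasons a log line matches, or [] if clean.

    A line with the wrong number of fields is reported as malformed
    rather than silently skipped, so parsing problems are visible.
    """
    parts = line.split()
    if len(parts) != 6:
        return ["malformed-line"]
    _ts, _client, _method, url, dest_ip, _status = parts
    reasons = []

    # Indicator 1: destination hostname under a blocked TLD.
    host = urlsplit(url).hostname or ""
    if host and host_tld(host) in BLOCKED_TLDS:
        reasons.append(f"tld:.{host_tld(host)}")

    # Indicator 2: destination IP on the hosting list.  A URL with a
    # literal IP as host is covered here too, via dest_ip.
    try:
        if ipaddress.ip_address(dest_ip) in HOSTING_IPS:
            reasons.append(f"ip:{dest_ip}")
    except ValueError:
        reasons.append("bad-dest-ip")
    return reasons


def scan(log_text):
    """Return (line_number, client_ip, reasons) for every matching line."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        reasons = match_line(line)
        if reasons:
            client = line.split()[1] if len(line.split()) > 1 else "?"
            hits.append((lineno, client, reasons))
    return hits


if __name__ == "__main__":
    for lineno, client, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: client {client} -> {', '.join(reasons)}")
```

Matching on the last DNS label only is deliberate: a host such as su.example.org is not a .su domain and should not be blocked, while a literal IP in the URL is caught through the destination-IP check rather than the TLD check.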