From: email@example.com
Date: 3 December 2015 at 08:12
Subject: Scanned image from MX-2600N
Reply to: email@example.com [firstname.lastname@example.org]
Device Name: Not Set
Device Model: MX-2600N
Location: Not Set
File Format: DOC MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in DOC format.
Use Microsoft(R)Word(R) of Microsoft Systems Incorporated
to view the document.

Attached is a file named firstname.lastname@example.org_20151203_3248.doc which I have seen just a single sample of so far with a VirusTotal detection rate of 2/55, and which contains this malicious macro [pastebin]. Automated analysis tools show that the macro downloads a component from the following location:
There will probably be other versions of the document downloading from other locations, but for the moment the binary will be the same. This has a detection rate of 3/55 and this Malwr report shows that it communicates with a known bad IP of:
126.96.36.199 (PJSC DATAGROUP, Ukraine)
I strongly recommend that you block traffic to that IP. The payload is most likely to be the Dridex banking trojan.
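
A mail-gateway heuristic for the lure quoted above, as an added example that is not the author's code. The generalised subject and filename patterns, the two-trait threshold, the function names and the sample messages are assumptions built from the single sample shown in this post.

```python
import re
from email.message import EmailMessage

# Traits taken from the message quoted in this post; the generalisation to
# other four-digit MX models and other dates is an assumption.
SUBJECT_RE = re.compile(r"^Scanned image from MX-\d{4}N$")
# <address>_<YYYYMMDD>_<4 digits>.doc, the shape of the attachment name above.
ATTACH_RE = re.compile(r"^[^@\s]+@[^@\s]+_\d{8}_\d{4}\.doc$", re.I)
BODY_MARKER = "File Format: DOC"


def lure_indicators(msg):
    """Return the names of the lure traits found in a parsed message."""
    hits = []
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACH_RE.match(name):
            hits.append("attachment_name")
        elif part.get_content_type() == "text/plain" and not name:
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            if BODY_MARKER in text:
                hits.append("body_doc_format")
    return hits


def should_quarantine(msg):
    # Two distinct traits required (assumed threshold), so a scanner
    # notification that carries no matching .doc is not held.
    return len(set(lure_indicators(msg))) >= 2


def build_sample(subject, body, attach_name=None):
    """Constructed test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"] = "scanner@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attach_name:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attach_name)
    return m
```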