From: firstname.lastname@example.orgAttached is a file 1569311-1Z2X12A50495162278.doc which in the samples I have seen has a detection rate of 7/55 and which contains this malicious macro [pastebin]. According to this Malwr report, the macro downloads a binary from:
Date: 7 December 2015 at 09:28
Subject: Transglobal Express - Shipping Documentation (TG-1569311)
This has a VirusTotal detection rate of just 1/54. Those two reports plus this Hybrid Analysis indicate network traffic to:
18.104.22.168 (AT&T Internet Services, US)
I strongly recommend that you block traffic to that IP. The payload here is almost definitely the Dridex banking trojan.