From =cU3RlZmFuaWUgU3VsbGl2YW4=?= [SullivanStefanie68750@numericable.fr]All the samples I have seen have slightly mangled headers. The sender name varies. Attacked is a ZIP file named in a similar format to order_copy_7B6B7E08.zip which contains a malicious script named something like:
Date Tue, 01 Mar 2016 13:40:48 +0200
It is very unpleasant to hear about the delay with your order #7B6B7E08, but be sure
thatour department will do its best to resolve the problem.It usually takes around7
business days to deliver a package of this size to your region.
The local post office should contact your as soon as they will receive theparcel.Be
sure that your purchase will be delivered in time and we alsoguarantee that you will
be satisfied with our services.
Thank you for your business with our company.
I have seen six different samples so far with zero detection rates       and which according to these analysis       attempt to download a Locky binary from:
Those binaries phone home to:
Those C&C servers are the same as I mentioned in this spam run and I suggest you block traffic to: