Thursday, April 23, 2015

JSC MediaSoft in Russia Hosting Malware (AS48347)

Websense File Sandbox is detecting a downloader being distributed via SCR files within Zips this morning:

As usual, AntiVirus coverage is weak:

As such, you'll want to check your firewall logs for the "phone home" via outbound TCP:80 to Mother Russia:
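
One way to run that check, as an added example that is not part of the original post: a small Python script that parses a handful of constructed firewall log lines (generic iptables-style KEY=VALUE records, an assumed format) and flags outbound TCP connections on port 80 from internal hosts to a watch-list of prefixes. The prefixes below are TEST-NET placeholders standing in for the hosting network's address space; the real AS48347 ranges are not on this page and are not reproduced here.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder prefixes (RFC 5737 TEST-NET ranges) standing in for the
# suspect hosting network; substitute the prefixes you actually want watched.
SUSPECT_PREFIXES = [
    ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")
]

# Constructed firewall log lines for the example (not real traffic).
# Line 4 is the return leg of line 1, line 5 is UDP, line 2 goes elsewhere.
SAMPLE_LOG = """\
Apr 23 09:01:12 fw01 kernel: ALLOW IN=eth1 OUT=eth0 SRC=10.1.4.22 DST=203.0.113.45 PROTO=TCP SPT=51234 DPT=80
Apr 23 09:01:13 fw01 kernel: ALLOW IN=eth1 OUT=eth0 SRC=10.1.4.22 DST=93.184.216.34 PROTO=TCP SPT=51235 DPT=443
Apr 23 09:01:15 fw01 kernel: ALLOW IN=eth1 OUT=eth0 SRC=10.1.7.9 DST=203.0.113.45 PROTO=TCP SPT=40211 DPT=80
Apr 23 09:01:20 fw01 kernel: ALLOW IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=10.1.4.22 PROTO=TCP SPT=80 DPT=51234
Apr 23 09:02:02 fw01 kernel: ALLOW IN=eth1 OUT=eth0 SRC=10.1.4.22 DST=198.51.100.7 PROTO=UDP SPT=5353 DPT=80
Apr 23 09:02:30 fw01 kernel: ALLOW IN=eth1 OUT=eth0 SRC=10.1.9.3 DST=198.51.100.7 PROTO=TCP SPT=33000 DPT=80
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into its KEY=VALUE fields; None if it has no SRC/DST."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    fields["timestamp"] = line[:15]  # syslog "Mon DD HH:MM:SS" prefix
    return fields


def find_phone_home(log_text, prefixes=SUSPECT_PREFIXES, ports=(80,)):
    """Return outbound TCP connections from private (internal) sources to
    any watched prefix on one of the given destination ports."""
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f.get("PROTO") != "TCP":
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            dport = int(f.get("DPT", -1))
        except ValueError:
            continue  # malformed address or port; skip rather than crash
        # Only the outbound leg matters: internal source, watched port.
        if not src.is_private or dport not in ports:
            continue
        if any(dst in net for net in prefixes):
            hits.append({"time": f["timestamp"], "src": str(src),
                         "dst": str(dst), "dport": dport})
    return hits


def summarize(hits):
    """Count flagged connections per internal source host (triage list)."""
    counts = defaultdict(int)
    for h in hits:
        counts[h["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = find_phone_home(SAMPLE_LOG)
    for h in found:
        print(f"{h['time']} {h['src']} -> {h['dst']}:{h['dport']}")
    print("hosts to triage:", summarize(found))
```

Widen `ports` to `(80, 443)` if the question at the end of the post applies to HTTPS as well; the internal-source test relies on RFC 1918 addressing, so adjust it if your inside ranges are public.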

Question - Do you do business in Russia?  Does it make sense to allow HTTP/S POSTs to Russia?  If not, allow ESPO to align your Business Model with your IT Risk Model.
