From: firstname.lastname@example.org
Date: 7 April 2015 at 08:58
Subject: EBOLA INFORMATION
This email is generated from an unmanned mailbox. Dr N J Gaw can be contacted via email@example.com
PLEASE SEE THE ATTACHED CORRESPONDENCE FOR YOUR INFORMATION.
Attached is a file 30.03.15 Ebola Virus (2).doc which contains this malicious macro [pastebin] which contains a lot of girls' names as variables (which makes a nice change from the randomly-generated stuff I suppose).
When decoded the macro downloads a component from:
VirusTotal submissions seem to be down at the moment, so I can't tell you what the detection rate is. Automated analysis tools show it phoning home to the following IPs (ones in bold are most likely static, the others look to be dynamic):
18.104.22.168 (Reg.Ru Hosting, Russia)
22.214.171.124 (Aqua Networks Ltd, Germany)
126.96.36.199 (Goteborgs Universitet, Sweden)
188.8.131.52 (Digital Ocean Inc, UK)
184.108.40.206 (ABTS, India)
220.127.116.11 (O.M.C. Computers & Communications Ltd, Israel)
18.104.22.168 (Satnet Ltd, Bulgaria)
22.214.171.124 (BT Broadband, UK)
126.96.36.199 (Multimedia Polska S. A., Poland)
188.8.131.52 (Multimedia Polska S. A., Poland)
According to the Malwr report it drops a whole load of files including what is probably a Dridex DLL.