Date: 5 August 2015 at 07:46
Subject: IMPORTANT - Document From Ofcom Spectrum Licensing
Please find attached an electronic version of important documents relating to your Wireless Telegraphy licence or application.
Please read the document carefully and keep it for future reference.
If any details within this letter are incorrect, please notify Ofcom Spectrum Licensing as soon as possible. It is the Licensee's responsibility to ensure all information we hold is correct and current.
If you have any enquiries relating to this document, please email
Ofcom Spectrum Licensing
2a Southwark Bridge Road
London SE1 9HA
Phone: 020 7981 3131
Fax: 020 7981 3235
Textphone: 020 7981 3043
In the sample I saw, the attachment was OFCOM_REN04_20150715_0976659.docm [VT 4/46] which contains this malicious macro [pastebin] which (according to this analysis) downloads a malware executable from:
This has a detection rate of 4/52 and automated analysis tools   show it phoning home to:
220.127.116.11 (Reg.RU, Russia)
That IP has been used for badness a few times recently and I definitely recommend that you block traffic to it. The payload is most likely to be the Dridex banking trojan.