From: Accounts [firstname.lastname@example.org]I have only seen one sample of this, with an attachment named Invoice MOJU-0939.zip containing a malicious script invoice_id4050638124.js that has detection rate of 2/53 and which according to this Malwr report downloads a binary from:
Date: 3 February 2016 at 09:04
Subject: Invoice MOJU-0939
Here's invoice MOJU-0939 for 47.52 GBP. For last weeks delivery.
The amount outstanding of 47.52 GBP is due on 25 Feb 2016.
If you have any questions, please let us know.
This payload is the same as seen in this concurrent spam run.