From "Penelope Phelps"
Date Tue, 26 Jul 2016 23:02:43 +1100
Subject list of activities

Attached is the list of activities to help you arrange for the coming presentation.
Please read it carefully and write to me if you have any concern.

ALLIED MINDS LTD

The sender's name, company and "Security-ID" vary. Attached is a ZIP file with elements of the recipient's email address in, containing a malicious .wsf script that looks like this. This Malwr report and this Hybrid Analysis show this particular sample downloading from:
There will be many other download locations in addition to this. The downloaded file is Locky ransomware with a detection rate of 8/55. Further analysis is pending; however, it is quite likely that this sample uses the same C2 servers as seen earlier today.
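
A mail-gateway style check for the delivery pattern described above (a ZIP attachment carrying a .wsf script, named with parts of the recipient's address), as an added example that is not from the original post. The sample message, addresses and file names are constructed, and treating "elements" of the address as tokens of the local part matched against the attachment name is an assumption.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = (".wsf",)  # the script type named in this post


def inspect_message(raw: bytes) -> list:
    """Return one finding per ZIP attachment that carries a script file."""
    msg = message_from_bytes(raw, policy=policy.default)
    to = msg["To"]
    local = to.addresses[0].username.lower() if to and to.addresses else ""
    # Assumption: "elements" of the address = local-part tokens of 3+ characters.
    tokens = [t for t in re.split(r"[^a-z0-9]+", local) if len(t) >= 3]
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            members = []  # malformed archive: no members to list
        scripts = [m for m in members if m.lower().endswith(SCRIPT_EXTS)]
        if scripts:
            findings.append({"attachment": name, "scripts": scripts,
                             "recipient_in_name": any(t in name for t in tokens)})
    return findings


def build_sample(member: str = "list of activities.wsf") -> bytes:
    """Constructed test message; the archive member holds inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder, not a real script")
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "jane.doe@example.com"
    msg["Subject"] = "list of activities"
    msg.set_content("Attached is the list of activities.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="jane.doe_activities.zip")
    return msg.as_bytes()
```

A finding with `recipient_in_name` set is a stronger signal than the script extension alone, since the sender name, company and subject line vary between messages.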