The postmortem states that the phishing campaign used only a few patterns.
"Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam."
Now you've just given me new, horrifying, nightmares of the future.
----
Feature Request: Your software does not make it easy to buy drugs, money, or sex as buydrugsmoneyandsex-dot-com does. Please implement buydrugsmoneyandsex-dot-com functionality by directing users to that website through our affiliate link program: http://preview.tinyurl.com/2tx
"Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam."
Did you received phishing with other subjects?