IcedID Banking Trojan Teams up with Rovnix for Distribution
released on 2018-04-10 @ 08:52:31 PM
Microsoft Word documents containing macros. When the malicious documents are opened and the macros are enabled, Rovnix, another trojan, is downloaded and executed, and it subsequently downloads IcedID. In addition to Rovnix, many of the samples downloaded a second payload, a Bytecoin miner (Bytecoin is a cryptocurrency similar to Bitcoin).
Rovnix is financially motivated malware that is known to download and install additional modules or other malware families.