SANS ISC highlights new attack from IcedID family of malware called BOKBOT with details below … these links share malicious WORD documents with dangerous macro routines that can be harmful or leak information back to attackers

https://isc.sans.edu/forums/diary/Malspam+with+links+to+Word+docs+pushes+IcedID+Bokbot/25640/

On Monday 2019-12-23, a wave of malicious spam (malspam) was distributing IcedID malware, also known as Bokbot. Today’s diary reviews recent infection activity by this malware. As I already mentioned, today’s diary reviews recent infection activity by IcedID. I received different Word docs from the same links when I tested them in my lab environment. The first Word document had a template that was mostly red (maybe reddish-orange). My second sample had a different template that was mostly blue.