Juniper identifies phishing campaign targeting business customers with malware using malware using password protection, among other techniques, to avoid detection. The latest version of IcedID is being distributed using compromised business accounts where the recipients are customers of the same businesses. The campaign is novel in how it obfuscates the word attached in a number of ways in the email, Juniper Networks security researcher Paul Kimayong wrote. It also uses a dynamic link library (DLL) as its second-stage downloader.
Source: https://threatpost.com/icedid-trojan-rebooted-evasive-tactics/158425/