CERT-UA reported mass distribution of malicious XLS-documents among Ukrainian citizens. Once opened they will download and first run the “GzipLoader” and subsequently the “IcedID” malware. “IcedID” is also known as “BankBot” a banking Trojan that can harvest user credentials.