{
  "family": "icedid",
  "sample_count": 118,
  "category": "banking_trojan",
  "description": "IcedID, also known as BokBot, is a modular banking trojan first observed in 2017 that has evolved into a major initial-access malware used to deploy ransomware including Egregor, Conti, and Quantum. It steals banking credentials, browser data, and email, and provides remote access for follow-on operators. IcedID is typically delivered through phishing with malicious Office documents or ISO/IMG containers.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [
    "bokbot"
  ],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is IcedID?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "IcedID, also known as BokBot, is a modular banking trojan first observed in 2017 that has evolved into a major initial-access malware used to deploy ransomware including Egregor, Conti, and Quantum. It steals banking credentials, browser data, and email, and provides remote access for follow-on operators. IcedID is typically delivered through phishing with malicious Office documents or ISO/IMG containers."
      }
    },
    {
      "@type": "Question",
      "name": "How does IcedID spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "IcedID spreads through phishing emails carrying malicious Office attachments or password-protected ZIP archives, and is also delivered as a secondary payload by Emotet and Hancitor."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of an IcedID infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Common signs include browser injection on banking sites, scheduled tasks created for persistence, outbound connections to compromised legitimate websites used as command-and-control (C2) servers, and antivirus detections for IcedID or BokBot."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have IcedID on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1566.001",
    "T1185",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}