IcedID, also known as BokBot, is a modular banking trojan first observed in 2017 that has evolved into a major initial-access malware used to deploy ransomware including Egregor, Conti, and Quantum. It steals banking credentials, browser data, and email, and provides remote access for follow-on operators. IcedID is typically delivered through phishing with malicious Office documents or ISO/IMG containers.
This family has been observed using the following ATT&CK techniques: T1566.001, T1185, T1071.001
IcedID spreads through phishing emails with malicious Office attachments, password-protected ZIPs, and as a secondary payload from Emotet and Hancitor.
Common indicators include browser injection on banking sites, scheduled tasks for persistence, outbound connections to compromised legitimate sites used as C2, and antivirus detections for IcedID or BokBot.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/icedid.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.