We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win64/IcedId
Aliases: No associated aliases
Summary
This threat is a modular banking trojan first observed in 2017. Since 2017, IcedID evolved from its origins as a regular banking trojan to become an entry point for more sophisticated attacks, including human-operated ransomware.
For information about IcedID and other human-operated malware campaigns, read these blog posts:
Remove the affected machine from the network as IcedID often leads to Cobalt Strike and ransomware.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.