This page is a sub page of the case file for case DIVD-2025-00019 - Victim Notification Operation Endgame, which contains the general information about this case.
Systems in your network have been connected with the C&C server for the IcedId botnet taken down in Operation Endgame
If you received a notification from us with the subject IcedID botnet infections in your network - DIVD-2024-00019 it means that a system in your network connected to a IcedID C&C server that has been taken down by the police in operation Endgame.
What does this mean?
This system is likely infected with malware and needs to be forensically investiagted and/or replaced.
What should we do?
- Investigate the system/have the system investigated for malware infections.
More questions?
The main case file contains a Frequently Asked Questions (FAQ) section. If that does not answer your questions, please reply to the email you received or email us at DIVD-2024-00019@csirt.divd.nl.
For more information, see the main case file.