
This page is a sub page of the case file for case DIVD-2025-00019 - Victim Notification Operation Endgame, which contains the general information about this case.

Systems in your network have been connected with the C&C server for the IcedID botnet taken down in Operation Endgame

If you received a notification from us with the subject "IcedID botnet infections in your network - DIVD-2024-00019", it means that a system in your network connected to an IcedID C&C server that has been taken down by the police in Operation Endgame.

What does this mean?

This system is likely infected with malware and needs to be forensically investigated and/or replaced.

What should we do?

More questions?

The main case file contains a Frequently Asked Questions (FAQ) section. If that does not answer your questions, please reply to the email you received or email us at DIVD-2024-00019@csirt.divd.nl.

For more information, see the main case file.