APT / THREAT GROUP💰 FINANCIALHIGH

Ice IX

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

The ICE IX bot is a banking trojan derived of the Zeus botnet because it uses significant parts of Zeus’s source code. ICE IX communicates using the HTTP protocol, so it can be considered to be a third-generation botnet. While it has been used for a variety of purposes, a primary threat of ICE IX comes from its manipulation of banking operations on compromised machines. As with any bot, execution of the bot results in establishing a master-slave relationship between the botmaster and the compromised computer.

Threat Analysis

Ice IX is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like Ice IX prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Ice IX is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Aliases2

Also Known As

win.ice_ixIce IX

External Intelligence

Malpedia: win.ice_ix

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.