Malicious ISO File Leads To Quantum Ransomware Infection

April 5, 2023

A spam campaign was discovered using IcedID contained within an ISO image to drop variants from the Quantum ransomware family. Multiple Windows utilities such as net nltest and ipconfig were used for reconnaissance while Atera Splashtop and a Cobalt Strike beacon were used for persistence. Additional tools including ProcDump PowerShell Mimikatz and Rclone were used to collect and exfiltrate sensitive information.

Featured Resources

E-book

Optimize Your Cyber Defenses with Exposure Validation

CTEM guidance built around exposure validation to surface real exposures, strengthen existing controls, and reduce uncertainty

Learn More

blog

AI and ML for SIEM: The New Standard in SOC Defense

Traditional SIEM systems, while foundational to enterprise security operations, can reach a limit in increasingly-complex environments. As organizations face more

blog

EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)

EXECUTIVE SUMMARY The Cymulate Research Labs is committed to advancing cybersecurity by scrutinizing emerging technologies and exposing hidden risks. Our

Malicious ISO File Leads To Quantum Ransomware Infection

Featured Resources

Optimize Your Cyber Defenses with Exposure Validation

AI and ML for SIEM: The New Standard in SOC Defense

EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server(CVE-2025-53109 & CVE-2025-53110)

EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)