A spam campaign was discovered using IcedID contained within an ISO image to drop variants from the Quantum ransomware family.
Multiple Windows utilities such as net nltest and ipconfig were used for reconnaissance while Atera Splashtop and a Cobalt Strike beacon were used for persistence.
Additional tools including ProcDump PowerShell Mimikatz and Rclone were used to collect and exfiltrate sensitive information.