Malicious ISO File Leads To Quantum Ransomware Infection

April 5, 2023

A spam campaign was discovered using IcedID, delivered inside an ISO image, to drop variants from the Quantum ransomware family. Multiple Windows utilities, such as net, nltest, and ipconfig, were used for reconnaissance, while Atera, Splashtop, and a Cobalt Strike beacon were used for persistence. Additional tools, including ProcDump, PowerShell, Mimikatz, and Rclone, were used to collect and exfiltrate sensitive information.