ModernLoader delivers multiple stealers, cryptominers and RATs

Cisco Talos recently observed three separate but related campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine and cryptocurrency-mining malware, to victims. The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRAT, to enable various stages of their operations, with the final payload being ModernLoader.
GROUP: windows

MALWARE FAMILIES: ModernLoader, RedLine

ATT&CK IDS: T1055 - Process Injection, T1027 - Obfuscated Files or Information, T1059.001 - PowerShell, T1053 - Scheduled Task/Job, TA0003 - Persistence, TA0011 - Command and Control, T1088 - Bypass User Account Control