CountLoader
According to Silent Push, this malware exists in multiple versions, including .NET, PowerShell, and JScript. They believe it is either part of an initial access broker (IAB) toolset or used by an affiliate with ties to the LockBit, BlackBasta, and Qilin ransomware groups. CountLoader was also recently used in a PDF-based phishing lure targeting individuals in Ukraine, in a campaign that impersonated the Ukrainian police.
Further Reading
From Loader to Looter: ACR Stealer Rides on Upgraded CountLoader
Discover how the latest CountLoader variant facilitates a multistage malware attack, culminating in the deployment of the ACR Stealer for credential theft.
cyderes.com
CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions
Silent Push discovered a new malware loader, we're naming “CountLoader.” The threat is served in .NET, PowerShell, and JScript versions.
silentpush.com