Skip to content

CountLoader

According to Silent Push, this malware exists in multiple versions, including .NET, PowerShell, and JScript. They believe it is part of an IAB toolset or used by a affiliate with ties to LockBit, BlackBasta, and Qilin ransomware groups. CountLoader was also recently used in a PDF-based phishing lure targeting individuals in Ukraine, in a campaign that impersonated the Ukrainian police.