Malicious ISO File Leads to Domain Wide Ransomware
released on 2023-04-03 @ 08:04:58 AM
The blog describes an intrusion that took place in late September 2022. The threat actors used IcedID, on this occasion delivering the payload via an ISO image. They then used Cobalt Strike, ran AdFind to gather Active Directory information, exploited the Zerologon vulnerability (CVE-2020-1472), and deployed Quantum ransomware domain-wide using PsExec.