PULSE NAME
Sinkholing CountLoader: Insights into Its Recent Campaign
WHITE PetrP.73 2026-05-15 Modified: 2026-05-15
51 IOCs (HIGH VOLUME)
The recent CountLoader campaign, identified by McAfee Labs, is a sophisticated attack that combines multiple layers of obfuscation with a complex infection chain. The attackers use several loaders, including PowerShell scripts and obfuscated JavaScript executed via mshta.exe, to carry out the infection. Each stage is designed to remain hidden, and in-memory shellcode injection further complicates detection.
Indicators of Compromise (1 / 51 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 6b38e832e24420ca94da2c3570c59871 | MD5 of 5f9ff671955a6d551595f9838aed063c496da5039be0d222fe84f96cb3e1d32a | 2026-05-15