Several American and European organizations in the energy, oil and gas, and legal sectors have been targeted by the MintsLoader malware campaign. The eSentire Threat Response Unit has identified numerous indicators of compromise (IoCs) associated with this ongoing threat, covering a wide range of malicious domains and IP addresses. Affected: energy, oil and gas, legal sectors
Keypoints :
- Several organizations in the energy, oil and gas, and legal sectors were targeted by MintsLoader.
- MintsLoader uses stealth techniques, including domain generation algorithms (DGA), to evade detection.
- The eSentire Threat Response Unit published 61 IoCs tied to the MintsLoader campaign.
- A total of 57 domains and four IP addresses were identified as IoCs.
- Additional threat artifacts included more IP addresses and malicious domains discovered through further analysis.
- Most domain IoCs were created between December 2024 and January 2025, indicating potential ongoing malicious activity.
- Across the domains, the window between WHOIS creation date and first IP resolution was consistently short, meaning the infrastructure was put to use soon after registration.
- The origins of the identified IP addresses span the U.S., Russia, and Germany.
- This snapshot of a broader investigation provides insight into ongoing threat detection efforts.
MITRE Techniques :
- Application Layer Protocol (T1071): MintsLoader reaches its command-and-control servers at domains produced by a DGA rather than at hard-coded addresses.
- Dynamic Resolution: Domain Generation Algorithms (T1568.002, under T1568): the DGA lets the malware rotate through freshly generated domains for C2 communication, so blocking individual domains has limited effect and detection must look at resolution patterns instead.
Indicators of Compromise :
- Domain xaides[.]com
- Domain rosettahome[.]top
- Domain nfuvueibzi4[.]top
- Domain sdubvlbbuz3vzzz[.]top
- Domain hjbamcnnkmfjbld[.]top
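The DGA and registration-to-resolution observations above can be turned into a quick triage script for a list like this one. The following is an added example, not tooling from eSentire or the CircleID article: it refangs the five IoC domains listed above, scores each registrable label with a few lexical heuristics (vowel ratio, longest consonant run, digits, label length), tallies the TLDs, and computes a registration-to-first-resolution window. The scoring rules and the threshold of 2 are assumptions chosen for illustration, and the dates in SAMPLE_TIMELINE are constructed for the demo, not values reported by the investigation.

```python
"""Lexical DGA triage over the MintsLoader IoC domains listed above.

Added example, not eSentire's or CircleID's tooling. The feature rules,
weights and DGA_THRESHOLD are assumptions for illustration; SAMPLE_TIMELINE
holds constructed dates, not figures from the report.
"""
import re
from collections import Counter
from datetime import date

# The five defanged IoCs from the summary above.
IOC_DOMAINS = [
    "xaides[.]com",
    "rosettahome[.]top",
    "nfuvueibzi4[.]top",
    "sdubvlbbuz3vzzz[.]top",
    "hjbamcnnkmfjbld[.]top",
]

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")  # a-z minus vowels; digits break a run
DGA_THRESHOLD = 2  # assumption: two or more hits marks a label as DGA-like


def refang(ioc: str) -> str:
    """Turn a defanged IoC such as xaides[.]com back into a resolvable name."""
    return ioc.replace("[.]", ".").replace("(.)", ".").strip().lower()


def defang(domain: str) -> str:
    """Defang a domain again before it goes into a report or chat."""
    return domain.replace(".", "[.]")


def second_level_label(domain: str) -> str:
    """Registrable label, e.g. 'xaides' from 'xaides.com'.

    Naive split: does not handle multi-part public suffixes like co.uk.
    """
    return domain.split(".")[-2]


def label_features(label: str) -> dict:
    """Cheap lexical features that separate dictionary-like from generated labels."""
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    runs = CONSONANT_RUN.findall(label)
    return {
        "length": len(label),
        "vowel_ratio": vowel_ratio,
        "longest_consonant_run": max((len(r) for r in runs), default=0),
        "has_digit": any(c.isdigit() for c in label),
    }


def dga_score(domain: str) -> int:
    """Count how many DGA-typical traits the registrable label shows (0-4)."""
    f = label_features(second_level_label(domain))
    score = 0
    if f["vowel_ratio"] < 0.30:            # few vowels: unpronounceable
        score += 1
    if f["longest_consonant_run"] >= 4:    # consonant clusters no word has
        score += 1
    if f["has_digit"]:                     # digits mixed into the label
        score += 1
    if f["length"] >= 10:                  # long labels are rarer for brands
        score += 1
    return score


def looks_dga(domain: str) -> bool:
    return dga_score(domain) >= DGA_THRESHOLD


def triage(iocs: list[str]) -> list[dict]:
    """Score every IoC and return one row per domain, defanged for sharing."""
    rows = []
    for ioc in iocs:
        d = refang(ioc)
        rows.append({
            "domain": defang(d),
            "tld": d.rsplit(".", 1)[-1],
            "score": dga_score(d),
            "dga_like": looks_dga(d),
        })
    return rows


def tld_histogram(iocs: list[str]) -> dict:
    """TLD concentration; a cluster on one cheap TLD is itself a pivot."""
    return dict(Counter(refang(i).rsplit(".", 1)[-1] for i in iocs))


def mobilization_window_days(created_iso: str, first_resolved_iso: str) -> int:
    """Days between WHOIS creation and the first observed IP resolution."""
    return (date.fromisoformat(first_resolved_iso) - date.fromisoformat(created_iso)).days


# Constructed illustrative dates only; the report does not publish these values.
SAMPLE_TIMELINE = {
    "rosettahome[.]top": ("2024-12-18", "2024-12-20"),
    "hjbamcnnkmfjbld[.]top": ("2025-01-09", "2025-01-10"),
}

if __name__ == "__main__":
    for row in triage(IOC_DOMAINS):
        print(row)
    print("TLDs:", tld_histogram(IOC_DOMAINS))
    for dom, (created, seen) in SAMPLE_TIMELINE.items():
        print(dom, "mobilized in", mobilization_window_days(created, seen), "day(s)")
```

With these rules the three random-looking `.top` labels score 2 to 4 and are flagged, while xaides and rosettahome score 0 and 1 and are not. Heuristics like these are a triage aid for a handful of IoCs, not a classifier: a real DGA detector would add character n-gram likelihoods or entropy against a known-good corpus and would read first-resolution dates from passive DNS rather than a hand-built table.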
Full Story: https://circleid.com/posts/unloading-mintsloader-iocs-using-dns-intelligence