Tracking MiniDionis: CozyCar's New Ride Is Related to Seaduke

A new campaign attributed to CozyDuke threat actors has been identified, utilizing malware called MiniDionis that appears related to Seaduke. The campaign began on July 7, 2015, targeting government organizations and think-tanks in democratic countries through spear phishing emails containing malicious links or attachments. The attack chain involves multi-stage droppers that deliver decoy media files while executing malicious payloads in the background. MiniDionis uses compromised legitimate websites for command and control, employs JSON-based configuration, and communicates over HTTPS using RC4 and AES encryption. The malware includes comprehensive command capabilities for system reconnaissance, file operations, and remote execution. The attackers demonstrate sophisticated techniques including manual HTTP redirection handling and cleanup mechanisms to evade forensic analysis.

Pulse ID: 69dcac5193a4767db4efdb48
Pulse Link: https://otx.alienvault.com/pulse/69dcac5193a4767db4efdb48
Pulse Author: AlienVault
Created: 2026-04-13 08:41:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #Encryption #Government #HTTP #HTTPS #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #SMS #SpearPhishing #UK #bot #AlienVault