Malware
miniBlindingCan
aka AIRDRY.V2 · EventHorizon
miniBlindingCan is an HTTP(S) orchestrator.
It is a variant of the BlindingCan RAT that shares the same command parsing logic but supports only a small subset of the commands available previously. Its main operations are updating the malware configuration and downloading and executing additional payloads from the attackers' C&C.
The miniBlindingCan malware was used in Operation DreamJob attacks against aerospace and media companies in Q2-Q3 2022.
Family metadata imported from Malpedia (Fraunhofer FKIE).