Blind Eagle has reappeared with a refined toolset
Blind Eagle, a financially motivated threat actor also known as APT-C-36, has launched attacks targeting organizations in Colombia and Ecuador since at least 2018.
According to a recent report by cybersecurity firm CheckPoint, the group employs government-themed lures and sophisticated tools in its attacks, including spear-phishing campaigns that deliver malware such as BitRAT and the open-source trojan Quasar RAT.
Blind Eagle targets bank accounts at financial institutions like Banco AV Villas, Banco Caja Social, and BBVA. Researchers believe that the group is more interested in monetary gain than espionage.
Indicator of Compromise
| IoCs |
|---|
| 8e864940a97206705b29e645a2c2402c2192858357205213567838443572f564 |
| 2702ea04dcbbbc3341eeffb494b692e15a50fbd264b1d676b56242aae3dd9001 |
| f80eb2fcefb648f5449c618e83c4261f977b18b979aacac2b318a47e99c19f64 |
| 68af317ffde8639edf2562481912161cf398f0edba6e06745d90c1359554c76e |
| 61685ea4dc4ca4d01e0513d5e23ee04fc9758d6b189325b34d5b16da254cc9f4 |
| https://www.mediafire[.]com/file/cfnw8rwufptk5jz/migracioncolombiaprocesopendienteid2036521045875referenciawwwmigraciongovco.LHA/file |
| https://gtly[.]to/QvlFV_zgh |
| https://gtly[.]to/cuOv3gNDi |
| https://gtly[.]to/dGBeBqd8z |
| laminascol[.]linkpc[.]net |
| systemwin[.]linkpc[.]net |
| upxsystems[.]com |
| c63d15fe69a76186e4049960337d8c04c6230e4c2d3d3164d3531674f5f74cdf |
| 353406209dea860decac0363d590096e2a8717dd37d6b4d8b0272b02ad82472e |
| a03259900d4b095d7494944c50d24115c99c54f3c930bea08a43a8f0a1da5a2e |
| 46addee80c4c882b8a6903cced9b6c0130ec327ae8a59c5946bb954ccea64a12 |
| c067869ac346d007a17e2e91c1e04ca0f980e8e9c4fd5c7baa0cb0cc2398fe59 |
| 10fd1b81c5774c1cc6c00cc06b3ed181b2d78191c58b8e9b54fa302e4990b13d |
| c4ff3fb6a02ca0e51464b1ba161c0a7387b405c78ead528a645d08ad3e696b12 |
| ac1ea54f35fe9107af1aef370e4de4dc504c8523ddaae10d95beae5a3bf67716 |