Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities
March 15, 2022Rewterz Threat Alert – MuddyWater APT – Active IOCs
March 15, 2022Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities
March 15, 2022Rewterz Threat Alert – MuddyWater APT – Active IOCs
March 15, 2022Severity
High
Analysis Summary
The Blind Eagle APT – aka APT-C-36 – is a cybercriminal group that mainly targets Colombian government institutions as well as important corporations in the financial sector, professional manufacturing petroleum industry. It has been active since 2018. This group has been linked to South America. Blind Eagle is a politically motivated nation-state actor that is conducting cyber espionage using NJRAT. The malware is delivered via a phishing email, which contains a malicious link and a weaponized word document.
Impact
Information Theft and Espionage
Indicators of Compromise
Domain Name
- febenvi[.]duckdns[.]org
Filename
- RESPEC~1[.]JS
MD5
- 28125694ef9c9c9c6cc68b34ff289c9c
SHA-256
- d10a6df70ccbd813af1614eecf8da1485cbb45889ab6a87b410dee10e98fcfbf
SHA-1
- b80e8177259c4c22fdbe8ad3edcd4cc25927aa4e
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.