Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
March 24, 2022Rewterz Threat Alert – Nanocore Rat – Active IOCs
March 24, 2022Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
March 24, 2022Rewterz Threat Alert – Nanocore Rat – Active IOCs
March 24, 2022Severity
High
Analysis Summary
The Blind Eagle APT – aka APT-C-36 – is a cybercriminal group that mainly targets Colombian government institutions as well as important corporations in the financial sector, professional manufacturing petroleum industry. It has been active since 2018. This group has been linked to South America. Blind Eagle is a politically motivated nation-state actor that is conducting cyber espionage using NJRAT. The malware is delivered via a phishing email, which contains a malicious link and a weaponized word document.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Embargo Judicial RAD 254-1548[.]pdf
- CKW[.]vbs
MD5
- 1aba36f72685c12e60fb0922b606417c
- 2d6d9d57325dfe778ebeb70449b75ed5
- 000bb96bd620e55ea6a358af4bcb418b
SHA-256
- 63a218d3fc7c2f7fcadc0f6f907f326cc86eb3f8cf122704597454c34c141cf1
- dbcedd1cecc2d58688d9ea03d64f40621e417eae605f96c3fa148f5f22c03ff3
- 1414f343044fe0e9382838b5f457efc92a43b319bb56ef68e1f999d467637843
SHA-1
- 3552c184281abcc14e3b941841b698cfb0ec9f1d
- fdcaf437a5aa2be91791de58bd6c378dd958d7e8
- dc0725980af81ceb9ea2b9a2b264061cc53b9789
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.