Rewterz Threat Alert – Hive or BlackCat/ALPHV – Active IOCs
March 29, 2022Rewterz Threat Alert – Lazarus APT Group – Active IOCs
March 29, 2022Rewterz Threat Alert – Hive or BlackCat/ALPHV – Active IOCs
March 29, 2022Rewterz Threat Alert – Lazarus APT Group – Active IOCs
March 29, 2022Severity
High
Analysis Summary
The Blind Eagle APT – aka APT-C-36 – is a cybercriminal group that mainly targets Colombian government institutions as well as important corporations in the financial sector, professional manufacturing petroleum industry. It has been active since 2018. This group has been linked to South America. Blind Eagle is a politically motivated nation-state actor that is conducting cyber espionage using NJRAT. The malware is delivered via a phishing email, which contains a malicious link and a weaponized word document.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- A2bh1F9GiC[.]exe
MD5
- 7619f3bf412f68ce1449545c814fb097
SHA-256
- b391b28e6eeb24283524da11d8126873d55241bb49f506955b07b39712bb1616
SHA-1
- 5c310f794eb84d6bbddf7a2529ac6c78fcc0d0b3
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.