Rewterz

Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities

March 15, 2022
Rewterz

Rewterz Threat Alert – MuddyWater APT – Active IOCs

March 15, 2022

Rewterz Threat Alert – APT C-36 Blind Eagle – Active IOCs

Severity

High

Analysis Summary

The Blind Eagle APT – aka APT-C-36 – is a cybercriminal group that mainly targets Colombian government institutions as well as important corporations in the financial sector, professional manufacturing petroleum industry. It has been active since 2018. This group has been linked to South America. Blind Eagle is a politically motivated nation-state actor that is conducting cyber espionage using NJRAT. The malware is delivered via a phishing email, which contains a malicious link and a weaponized word document.

Image

Impact

Information Theft and Espionage

Indicators of Compromise

Domain Name

  • febenvi[.]duckdns[.]org

Filename

  • RESPEC~1[.]JS

MD5

  • 28125694ef9c9c9c6cc68b34ff289c9c

SHA-256

  • d10a6df70ccbd813af1614eecf8da1485cbb45889ab6a87b410dee10e98fcfbf

SHA-1

  • b80e8177259c4c22fdbe8ad3edcd4cc25927aa4e

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.