BlindEagle
Essential information
- Confidence: 100/100
- Published: 21/12/2025 06:53
- Modified: 27/05/2026 15:52
- Updated at: 27/05/2026 15:52
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 37 attack patterns (MITRE), 11 malware, 5 sectors, 5 countries, 44 indicators, 5 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 19 MITRE attack patterns, 2 malware, 24 observables, 1 APT
- 5 CVEs, 11 MITRE attack patterns, 5 malware, 3 observables, 1 APT
- 19 MITRE attack patterns, 4 malware, 16 observables, 1 APT
Attack patterns (MITRE) (37)
- T1059.003 Windows Command Shell (uses; MITRE)
- T1553.005 Mark-of-the-Web Bypass (uses; MITRE)
- T1078 Valid Accounts (uses; MITRE)
- T1562.001 Disable or Modify Tools (uses; MITRE)
- T1212 Exploitation for Credential Access (uses; MITRE)
- T1566.002 Spearphishing Link (uses; MITRE)
- T1095 Non-Application Layer Protocol (uses; MITRE)
- T1586.002 Email Accounts (uses; MITRE)
- T1053.005 Scheduled Task (uses; MITRE)
- T1497.001 System Checks (uses; MITRE)
- T1059.001 PowerShell (uses; MITRE)
- T1105 Ingress Tool Transfer (uses; MITRE)
Malware (11)
- AsyncRAT (uses; family)
- Remcos RAT (uses; family)
- DcRAT (uses; family)
- PhantomCore (uses; family)
- WarzoneRAT - S0670 (uses; family)
- RemcosRAT (uses; family)
- WarzoneRAT (uses)
- AveMaria (uses; family)
- QuasarRAT (uses; family)
- BlotchyQuasar (uses; family)
- Caminho (uses; family)
Sectors (5)
- Insurance services (targets)
- Finance (targets)
- Education (targets)
- Manufacturing (targets)
- Government (targets)
Countries (5)
- Russian Federation (targets)
- Uzbekistan (targets)
- Colombia (targets)
- Ecuador (targets)
- Belarus (targets)
Indicators (44)
Vulnerabilities (CVE) (5)
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Attack vector: Network
- Published: 11/03/2025
- Modified: 27/05/2026
Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over …
- Attack vector: Network
- Published: 17/04/2025
- Modified: 27/05/2026
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector: Local
- Published: 24/08/2023
- Modified: 27/05/2026
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a …
- Attack vector: Network
- Published: 12/11/2024
- Modified: 27/05/2026
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially …
- Attack vector: Network
- Published: 20/10/2025
- Modified: 27/05/2026