BlindEagle
Essential information
- Confidence: 100/100
- Published: 21/12/2025 06:53
- Modified: 27/05/2026 15:52
- Updated at: 27/05/2026 15:52
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 37 attack patterns (MITRE), 11 malware, 5 sectors, 5 countries, 44 indicators, 5 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 19 MITRE, 2 malware, 24 observables, 1 APT
- 5 CVEs, 11 MITRE, 5 malware, 3 observables, 1 APT
- 19 MITRE, 4 malware, 16 observables, 1 APT
Attack patterns (MITRE) (37)
- uses T1566.001 Spearphishing Attachment (MITRE)
- uses T1056.002 GUI Input Capture (MITRE)
- uses T1543.003 Windows Service (MITRE)
- uses T1564.001 Hidden Files and Directories (MITRE)
- uses T1003 OS Credential Dumping (MITRE)
- uses T1588.001 Malware (MITRE)
- uses T1587.001 Malware (MITRE)
- uses T1187 Forced Authentication (MITRE)
- uses T1056.001 Keylogging (MITRE)
- uses T1059.007 JavaScript (MITRE)
- uses T1027.003 Steganography (MITRE)
- uses T1550 Use Alternate Authentication Material (MITRE)
Malware (11)
- uses AsyncRAT (AlienVault; confidence 100; first seen 01/01/1970; last seen 16/11/5138)
- uses Remcos RAT (family)
- uses DcRAT (family)
- uses PhantomCore (family)
- uses WarzoneRAT - S0670 (family)
- uses RemcosRAT (family)
- uses WarzoneRAT
- uses AveMaria (AlienVault; confidence 100; first seen 01/01/1970; last seen 16/11/5138)
- uses QuasarRAT (family)
- uses BlotchyQuasar (family)
- uses Caminho (family)
Sectors (5)
- targets Insurance services
- targets Finance
- targets Education
- targets Manufacturing
- targets Government
Countries (5)
- targets Russian Federation
- targets Uzbekistan
- targets Colombia
- targets Ecuador
- targets Belarus
Indicators (44)
Vulnerabilities (CVE) (5)
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Attack vector: Network
- Published: 11/03/2025
- Modified: 27/05/2026
Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over …
- Attack vector: Network
- Published: 17/04/2025
- Modified: 27/05/2026
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector: Local
- Published: 24/08/2023
- Modified: 27/05/2026
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a …
- Attack vector: Network
- Published: 12/11/2024
- Modified: 27/05/2026
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially …
- Attack vector: Network
- Published: 20/10/2025
- Modified: 27/05/2026