{
  "name": "Blind Eagle: ...And Justice for All",
  "slug": "blind-eagle-and-justice-for-all-1",
  "description": "Check Point Research uncovered ongoing campaigns by Blind Eagle (APT-C-36) targeting Colombian institutions since November 2024. The group utilized malicious .url files, similar to CVE-2024-43451, to deliver HeartCrypt-packed malware and Remcos RAT. Campaigns infected over 1,600 victims in a single instance. Blind Eagle exploited legitimate platforms like Google Drive and GitHub for distribution. The group's rapid adaptation to new vulnerabilities and use of underground tools highlight its sophistication. Operating in UTC-5 timezone suggests South American origin. An operational failure revealed past phishing activities targeting Colombian banks, compromising over 8,000 entries of personal data.",
  "published": "2025-04-10T16:50:45+00:00",
  "created_at": "2025-04-10T16:50:45+00:00",
  "modified_at": "2025-04-10T18:12:53+00:00",
  "created_at_opencti": "2025-04-10T16:50:45+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-04-10",
    "CVE-2024-43451",
    "apt-c-36",
    "colombia",
    "government",
    "heartcrypt",
    "phishing",
    "purecrypter",
    "remcos",
    "remcos rat",
    "webdav"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:be12e6fe16bcaff2",
        "name": "Remcos RAT",
        "slug": "remcos-rat"
      },
      {
        "id": "legacy:malware:6303df5151a76c76",
        "name": "PureCrypter",
        "slug": "purecrypter"
      }
    ],
    "intrusion_sets": [
      {
        "id": "legacy:intrusion:3be132d582f91b27",
        "name": "Blind Eagle",
        "slug": "blind-eagle"
      }
    ],
    "attack_patterns": [
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54",
        "name": "T1547"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Colombia"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Government"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2025/blind-eagle-and-justice-for-all",
    "https://otx.alienvault.com/pulse/67f81305d2659d5a0d917773"
  ]
}