BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
Tags
cmtmf-attack-pattern: Acquire Infrastructure; Boot Or Logon Autostart Execution; Compromise Accounts; Develop Capabilities; Obfuscated Files Or Information; Scheduled Task/Job; Stage Capabilities
country: Colombia, Ecuador
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data; Acquire Infrastructure - T1583; Boot Or Logon Autostart Execution - T1547; Compromise Accounts - T1586; Credentials - T1589.001; Develop Capabilities - T1587; Disable Or Modify Tools - T1562.001; Disable Or Modify Tools - T1629.003; Domains - T1583.001; Domains - T1584.001; Dynamic DNS - T1311; Dynamic DNS - T1333; Email Accounts - T1585.002; Email Accounts - T1586.002; Embedded Payloads - T1027.009; Encrypted/Encoded File - T1027.013; Exfiltration Over C2 Channel - T1646; GUI Input Capture - T1056.002; Hidden Files And Directories - T1564.001; Hide Artifacts - T1628; Hide Artifacts - T1564; Impair Defenses - T1562; Impair Defenses - T1629; Inhibit System Recovery - T1490; Input Capture - T1417; IP Addresses - T1590.005; Keylogging - T1056.001; Keylogging - T1417.001; Malicious File - T1204.002; Malicious Link - T1204.001; Malware - T1587.001; Malware - T1588.001; Mark-Of-The-Web Bypass - T1553.005; Obfuscated Files Or Information - T1406; Phishing - T1660; Phishing - T1566; Python - T1059.006; Registry Run Keys / Startup Folder - T1547.001; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Software Packing - T1027.002; Software Packing - T1406.002; Spearphishing Link - T1566.002; Spearphishing Link - T1598.003; Stage Capabilities - T1608; Steal Web Session Cookie - T1539; Steganography - T1001.002; Steganography - T1406.001; Steganography - T1027.003; Subvert Trust Controls - T1632; Subvert Trust Controls - T1553; Video Capture - T1512; Upload Malware - T1608.001; Deobfuscate/Decode Files Or Information - T1140; Exfiltration Over Command And Control Channel - T1041; Hidden Files And Directories - T1158; Input Capture - T1056; Standard Non-Application Layer Protocol - T1095; Obfuscated Files Or Information - T1027; Registry Run Keys / Start Folder - T1060; Scheduled Task - T1053; Software Packing - T1045; Spearphishing Link - T1192; Video Capture - T1125; User Execution - T1204; User Execution
Common Information
Type Value
UUID b3edc738-3ef6-48d5-bc79-ba75bbaeb898
Fingerprint 38bc8bdf094907e8
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 5, 2024, midnight
Added to db Sept. 5, 2024, 5:48 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
Title BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
Detected Hints/Tags/Attributes 142/4/73
RSS Feed
Id  Feed title  Url  Added to db
99  Cyware News - Latest Cyber News  https://cyware.com/allnews/feed  2024-08-30 22:08
406  Security Research | Blog Category Feed  https://www.zscaler.com/blogs/feeds/security-research  2024-08-30 22:08
Attributes
Type  #Events  Value
Domain  4  gov.co
Domain  358  pastebin.com
Domain  4  edificiobaldeares.linkpc.net
Domain  71  aes.new
Domain  3  equipo.linkpc.net
Domain  3  perfect5.publicvm.com
Domain  3  perfect8.publicvm.com
Domain  1  html.malurl.gen.nc
Domain  1  html.malurl.gen.tt
Domain  1  win32.backdoor.asyncrat.bs
Domain  1  win32.backdoor.dcrat.bs
Domain  1  win32.backdoor.nanocore.bs
Domain  1  win32.backdoor.njrat.bs
Domain  1  win32.backdoor.remcosrat.bs
Domain  1  win32.backdoor.smokeloader.bs
File  2  simplelogin.dll
File  3  gamma.dll
File  5  tyrone.dll
File  69  client.exe
File  66  settings.xml
File  4  perfect5.pub
File  4  perfect8.pub
File  4  backdoor.dcr
md5  2  a73057824a65a5ac982e298a80febf61
md5  2  bd4505316254f00329431fb8b2888643
md5  2  d2fc372302180fbabe18c425aa4a0a72
md5  2  c944cb638364c74431bf1dbe7dd329ff
md5  2  64e6ad512eff12e971efdd8979086c5c
md5  2  a1f5091ad4e12f922a8e760e0980ab66
md5  2  ad578125b337168c976ff5e7e1b190b8
md5  2  e21b4c9d9da81deea2381f9b988b0f99
md5  2  07f661aeeb0774f0cb84b0a5e970c2a5
md5  2  c4a946903cc9e9a84763ac1731cdd7dd
md5  2  75a40cc019c39e3c2800fb2fe5aba1d3
md5  2  0fa40788b75896a452398b6a49cc62b6
md5  2  59a4f7aed1e3a0718592fb536e987a1d
md5  2  456211df625002df378cf0f4af9d1a6f
md5  2  0f35306ad4fede9a9ba0276a5e788138
md5  2  6044b126afb86682b4a3440e2924c079
md5  2  b432e8ff5797fbaf5808d95d46524647
md5  2  a31ff54f33ced7b4180f87afb18185a7
md5  2  e3239ac16c6fe9c99d6fac0867121a88
md5  2  2784a9fc64d244b14e7d8e4d03f41265
md5  2  3125ae6b1462b0b48dc06bc47d8ddbc7
md5  3  b83f6c57aa04dab955fadcef6e1f4139
sha1  3  a68cac786b47575a0d747282ace9a4c75e73504d
sha256  3  ec2dd6753e42f0e0b173a98f074aa41d2640390c163ae77999eb6c10ff7e2ebd
IPv4  3  69.167.8.118
MITRE ATT&CK Techniques  82  T1583.001
MITRE ATT&CK Techniques  19  T1586.002
MITRE ATT&CK Techniques  96  T1587.001
MITRE ATT&CK Techniques  49  T1608.001
MITRE ATT&CK Techniques  183  T1566.002
MITRE ATT&CK Techniques  365  T1204.002
MITRE ATT&CK Techniques  106  T1204.001
MITRE ATT&CK Techniques  380  T1547.001
MITRE ATT&CK Techniques  275  T1053.005
MITRE ATT&CK Techniques  298  T1562.001
MITRE ATT&CK Techniques  94  T1564.001
MITRE ATT&CK Techniques  26  T1027.003
MITRE ATT&CK Techniques  40  T1027.009
MITRE ATT&CK Techniques  13  T1027.013
MITRE ATT&CK Techniques  25  T1553.005
MITRE ATT&CK Techniques  160  T1027.002
MITRE ATT&CK Techniques  504  T1140
MITRE ATT&CK Techniques  118  T1056.001
MITRE ATT&CK Techniques  99  T1539
MITRE ATT&CK Techniques  11  T1056.002
MITRE ATT&CK Techniques  159  T1095
MITRE ATT&CK Techniques  422  T1041
MITRE ATT&CK Techniques  276  T1490
Threat Actor Identifier - APT-C  83  APT-C-36
Threat Actor Identifier - APT-Q  11  APT-Q-98

Note on the Domain and File rows: the win32.backdoor.*.bs and html.malurl.gen.* entries have the shape of anti-malware signature names rather than registered hostnames, aes.new matches the Python AES.new() call found in decryption scripts rather than a hostname, and perfect5.pub, perfect8.pub and backdoor.dcr appear to be truncated copies of other rows. Treat these as extraction artefacts until verified against the source report and do not load them into a blocklist as-is. gov.co is a public suffix, not an actor-controlled domain, and pastebin.com is a shared service seen across hundreds of unrelated reports. The linkpc.net and publicvm.com entries are dynamic DNS hostnames, consistent with the Dynamic DNS tags above; block the full hostnames, not the provider domains.
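The attribute table above is an aggregator export, and several rows are not usable indicators as listed (signature names filed as domains, a public suffix, shared services, truncated values). The script below is an added example, not code from the page or from Zscaler, showing the triage a practitioner would run before loading such a table into a blocklist: hash length and hex checks, routable-IPv4 checks, hostname syntax, a dynamic-DNS provider list, a signature-name heuristic, a public-suffix check and a noise threshold on the event count. The sample records are a constructed subset of the table; the provider list, the public-suffix set, the signature prefixes and the noise threshold are this example's own assumptions.

```python
"""Triage rows of a CTI aggregator attribute table before they reach a blocklist.

Added example (not the page's or Zscaler's code). The records are a constructed
subset of the page's attribute table; the heuristics are this example's assumptions.
"""
import ipaddress
import re

# Constructed sample: (type, event count, value), mirroring the table's columns.
SAMPLE_RECORDS = [
    ("Domain", 4, "gov.co"),
    ("Domain", 358, "pastebin.com"),
    ("Domain", 4, "edificiobaldeares.linkpc.net"),
    ("Domain", 71, "aes.new"),
    ("Domain", 3, "perfect5.publicvm.com"),
    ("Domain", 1, "win32.backdoor.asyncrat.bs"),
    ("Domain", 1, "html.malurl.gen.nc"),
    ("File", 69, "client.exe"),
    ("File", 4, "backdoor.dcr"),
    ("md5", 2, "a73057824a65a5ac982e298a80febf61"),
    ("sha1", 3, "a68cac786b47575a0d747282ace9a4c75e73504d"),
    ("sha256", 3, "ec2dd6753e42f0e0b173a98f074aa41d2640390c163ae77999eb6c10ff7e2ebd"),
    ("sha256", 1, "not-a-hash"),                      # constructed malformed row
    ("IPv4", 3, "69.167.8.118"),
    ("MITRE ATT&CK Techniques", 82, "T1583.001"),
    ("MITRE ATT&CK Techniques", 1, "T15831"),          # constructed malformed row
    ("Threat Actor Identifier - APT-C", 83, "APT-C-36"),
]

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# Assumption: free dynamic-DNS providers; a host under them is actor-chosen,
# the provider itself is not an indicator.
DYNDNS_PROVIDERS = {"linkpc.net", "publicvm.com"}
# Assumption: a tiny stand-in for the Public Suffix List (use the real list in production).
PUBLIC_SUFFIXES = {"gov.co", "com.co"}
# Heuristic assumption: leading labels typical of AV signature names, not hostnames.
SIGNATURE_LABEL_RE = re.compile(r"^(win32|msil|html|js|w97m)\.", re.I)
ATTACK_ID_RE = re.compile(r"^T\d{4}(\.\d{3})?$")
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.I)
NOISY_EVENTS = 50  # assumption: seen in this many reports => generic, review by hand


def check_hash(kind, value):
    v = value.strip().lower()
    if len(v) != HASH_LEN[kind] or not HEX_RE.match(v):
        return "reject", f"malformed {kind}"
    return "block", f"well-formed {kind}"


def check_ipv4(value):
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return "reject", "not an IP address"
    if ip.version != 4:
        return "reject", "not IPv4"
    if ip.is_private or ip.is_loopback or ip.is_reserved or ip.is_multicast:
        return "reject", "non-routable address"
    return "block", "routable IPv4"


def check_domain(value, count):
    v = value.strip().lower().rstrip(".")
    if SIGNATURE_LABEL_RE.match(v):
        return "reject", "looks like an AV signature name, not a hostname"
    labels = v.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(l) for l in labels) or not labels[-1].isalpha():
        return "reject", "not a syntactically valid hostname"
    if v in PUBLIC_SUFFIXES:
        return "review", "public suffix; blocking would hit every registrant"
    parent = ".".join(labels[-2:])
    if parent in DYNDNS_PROVIDERS:
        return "block", f"dynamic DNS host under {parent}; block the host, not the provider"
    if count >= NOISY_EVENTS:
        return "review", f"seen in {count} reports, likely a shared service or artefact"
    return "block", "hostname"


def triage(records):
    """Return (type, value, verdict, reason) per record; verdict is block/review/context/reject."""
    out = []
    for rtype, count, value in records:
        t = rtype.lower()
        if t in HASH_LEN:
            verdict, reason = check_hash(t, value)
        elif t == "ipv4":
            verdict, reason = check_ipv4(value)
        elif t == "domain":
            verdict, reason = check_domain(value, count)
        elif t == "file":
            verdict, reason = "review", "bare filename is a weak indicator"
        elif t.startswith("mitre att&ck"):
            ok = bool(ATTACK_ID_RE.match(value.strip()))
            verdict, reason = ("context", "ATT&CK technique") if ok else ("reject", "malformed ATT&CK id")
        elif t.startswith("threat actor identifier"):
            verdict, reason = "context", "actor label"
        else:
            verdict, reason = "review", f"unknown type {rtype}"
        out.append((rtype, value, verdict, reason))
    return out


if __name__ == "__main__":
    for rtype, value, verdict, reason in triage(SAMPLE_RECORDS):
        print(f"{verdict:8} {rtype:32} {value:66} {reason}")
```

Only the block verdicts go to enforcement; review rows go to an analyst, context rows to the case notes, and rejects back to the feed owner. The noise threshold is what catches aes.new here, which is a syntactically valid hostname under the .new TLD, so syntax checks alone are not enough.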