New BianLian Ransomware Activity Detected: SVG Phishing Campaign Targeting Venezuelan Companies
ID: a9ab5d91-c613-5118-9559-7f4a9876a41c
STIX ID: report--a9ab5d91-c613-5118-9559-7f4a9876a41c
Feed Name: WatchGuard Secplicity Blog
WatchGuard telemetry identified a phishing campaign that distributes malicious SVG attachments written in Spanish. When opened, the SVG fetches a Go-based Windows executable linked to BianLian ransomware. Payload delivery relies on ja.cat shortened URLs and on vulnerable, Brazil-based redirector domains that host the payloads. Victims are primarily in Venezuela, with earlier activity observed in Colombia. The executable uses anti-analysis techniques, Wine detection, AES assembly routines, and dynamic API loading. The reported IoCs include several domains, among them contabilidad.icu and documentodigital.cloud.
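An SVG is XML, so the active content that lets an "image" attachment fetch a second stage (script elements, on* event handlers, foreignObject, external hrefs) can be triaged without rendering the file. The following is an added example, not WatchGuard's code or tooling: it parses an SVG, flags active content and external URLs, and checks the hosts against the domains named in this summary. The two sample SVGs and the Spanish lure text are constructed for the example and are not campaign files; the only real indicators used are the domains the summary reports (contabilidad.icu, documentodigital.cloud, and the ja.cat shortener).

```python
import re
from urllib.parse import urlparse
from xml.etree import ElementTree as ET

# Domains reported as IoCs in the WatchGuard summary (hosts only; no paths are given there).
IOC_DOMAINS = {"contabilidad.icu", "documentodigital.cloud"}
# URL shortener the campaign is reported to use; a shortener link in an SVG is itself a signal.
SHORTENER_DOMAINS = {"ja.cat"}

URL_RE = re.compile(r"https?://[^\s\"'<>()]+")

# Constructed sample: plain drawing, no active content.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="blue"/>
</svg>"""

# Constructed sample (not a real campaign file): an onload handler, a link to an IoC domain,
# and a script that redirects the viewer to a second IoC domain.
SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <text x="10" y="20">Factura pendiente</text>
  <a xlink:href="https://contabilidad.icu/"><text x="10" y="40">Ver documento</text></a>
  <script type="text/javascript">
    window.location = "https://documentodigital.cloud/";
  </script>
</svg>"""


def _local(qname):
    """Strip the XML namespace from a tag or attribute name."""
    return qname.split("}", 1)[1] if "}" in qname else qname


def _host(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def analyze_svg(svg_text):
    """Return a list of (kind, detail) findings for one SVG document.

    Kinds: script-element, script-url, foreign-object, event-handler,
    external-href, malformed-xml.
    """
    findings = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        # A mail gateway should not silently pass what it cannot parse.
        return [("malformed-xml", "")]

    for el in root.iter():
        name = _local(el.tag)
        if name == "script":
            findings.append(("script-element", ""))
            for url in URL_RE.findall(el.text or ""):
                findings.append(("script-url", _host(url)))
        elif name == "foreignObject":
            # foreignObject can carry arbitrary HTML, including iframes and scripts.
            findings.append(("foreign-object", ""))
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):
                findings.append(("event-handler", aname))
            elif aname == "href" and value.lower().startswith(("http://", "https://")):
                # Covers both plain href and xlink:href.
                findings.append(("external-href", _host(value)))
    return findings


def matched_iocs(findings):
    """Hosts from the findings that match the reported IoC or shortener domains."""
    hits = set()
    for kind, detail in findings:
        if kind in ("script-url", "external-href") and (
            detail in IOC_DOMAINS or detail in SHORTENER_DOMAINS
        ):
            hits.add(detail)
    return sorted(hits)


def verdict(svg_text):
    """'ioc-match', 'active-content', 'malformed', or 'clean'."""
    findings = analyze_svg(svg_text)
    if matched_iocs(findings):
        return "ioc-match"
    if any(k == "malformed-xml" for k, _ in findings):
        return "malformed"
    if any(k in ("script-element", "event-handler", "foreign-object") for k, _ in findings):
        return "active-content"
    return "clean"


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, verdict(doc), analyze_svg(doc))
```

The domain match is the high-confidence signal; the active-content verdict is the one worth keeping even after the campaign's domains rotate, since a legitimate SVG attachment almost never needs script, event handlers, or foreignObject. Shortener hosts are listed separately from the IoC domains because ja.cat is a public service, so a hit there is a lead rather than a conviction.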
