BlindEagle Deploys Caminho and DCRAT
ID: 59236248-72df-54a9-a287-3f7af25faf1b
STIX ID: report--59236248-72df-54a9-a287-3f7af25faf1b
Feed Name: Zscaler Security Research Blog
### Executive summary

This report analyzes a targeted phishing campaign by ‘BlindEagle’ that uses a clickable SVG to deliver obfuscated JavaScript and PowerShell which load the Caminho loader in memory and ultimately deploy the DCRAT remote-access trojan via process hollowing; the analysis includes deobfuscation methods, sample code fragments, a Discord-hosted payload URL, and a list of C2 hosts tied to the embedded certificate.
