← threatfilter.dev / all groups / APT-C-36

APT-C-36

Also known as: Blind Eagle · TAG-144 · AguilaCiega · APT-Q-98

Overview

APT-C-36 is a suspected South American threat group that has engaged in espionage and financially motivated operations since at least 2018. APT-C-36 has targeted government institutions and entities in the financial, energy, and professional manufacturing sectors across Colombia and other Latin American countries.

Targets

Finance · Government · Manufacturing · Petroleum · Private sector

Regions

Chile · Colombia · Ecuador · Panama · Spain

Capabilities

Custom malware/implant development — ATT&CK: 4 attributed custom malware families

TTPs — 38 techniques across 8 tactics

Reconnaissance

T1593 Search Open Websites/Domains

Resource Development

T1583.001 Domains
T1583.003 Virtual Private Server
T1583.006 Web Services
T1584.005 Botnet
T1586.002 Email Accounts
T1586.003 Cloud Accounts
T1587.001 Malware
T1588.001 Malware
T1588.002 Tool
T1608.001 Upload Malware
T1683.001 Written Content
T1683.002 Audio-Visual Content

Command and Control

Tools & malware (9)

njRAT · Imminent Monitor · DCRAT · PureCrypter · Caminho · Remcos · AsyncRAT · QuasarRAT · HeartCrypt

Reporting (3)

TAG-144’s Persistent Grip on South American Organizations — Insikt Group
Blind Eagle: …And Justice for All — Check Point Research
BlindEagle flying high in Latin America — Global Research & Analysis Team, Kaspersky

Overview

Targets

Regions

Capabilities

TTPs — 38 techniques across 8 tactics

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Stealth

Lateral Movement

Command and Control

Tools & malware (9)

Reporting (3)