← All Threat Actors
Threat Actor Profile

APT-C-36

AguilaCiega APT-Q-98 Blind Eagle G0099 TAG-144
▲ High Threat
Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.
Origin
Motivation Espionage

Target Sectors

Petroleum Manufacturing Financial Private sector Government

Known TTPs

Domains
Malicious File
Written Content
Junk Code Insertion
Windows Management Instrumentation
JavaScript
Impersonation
Malware
Botnet
Web Services
Masquerade Task or Service
Encrypted/Encoded File
Tool
Malware
Obfuscated Files or Information
Match Legitimate Resource Name or Location
Internal Spearphishing
Malicious Link
Audio-Visual Content
Email Accounts
Scheduled Task
Execution Guardrails
Spearphishing Link
External Remote Services
Virtual Private Server
Ingress Tool Transfer
Upload Malware
Steganography
Visual Basic
Dynamic Resolution
Hidden Window
Non-Standard Port
Cloud Accounts
Search Open Websites/Domains
Spearphishing Attachment
Process Hollowing
PowerShell
DLL

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD