🇨🇴 APT-C-36
Type: APT Group
Motivation: Information theft and espionage; Financial crime
5 zero-day CVEs
ETDA ✓
Also Known As (1 name): Blind Eagle
Target Countries (9):
Chile
Colombia
Ecuador
Spain
Israel
Mexico
Netherlands
Panama
United States
Sectors Targeted (NAICS code in parentheses where the page gives one):
Public Administration (NAICS 92)
Accommodation and Food Services (NAICS 72)
Healthcare
Manufacturing
Oil and Gas Extraction (NAICS 211)
Retail Trade (NAICS 44)
Utilities (NAICS 22)
Private sector: large domestic companies and multinational corporation branches
Space Research and Technology (NAICS 927)
Manufacturing (NAICS 31)
Textile Mills (NAICS 313)
Professional, Scientific, and Technical Services (NAICS 54)
Government
Transportation and Warehousing (NAICS 48)
Other Services (except Public Administration) (NAICS 81)
Petroleum
Energy
Telecommunications (NAICS 517)
Insurance Carriers and Related Activities (NAICS 524)
Food Services and Drinking Places (NAICS 722)
Educational Services (NAICS 61)
Transportation
Health Care and Social Assistance (NAICS 62)
Financial
Finance and Insurance (NAICS 52)
Education
Details
Origin: 🇨🇴 CO
Last Updated: 01 Jun 2022
Malware Families (14):
dilljuice
hermeticwiper
Revenge-RAT
Vantom
limerat
houdini
karagany
win.phantomvai
remcom
imminent_monitor_rat
H-worm
dubrute
revenge_rat
adwind
MITRE ATT&CK (131 entries; Enterprise unless marked Mobile, deprecated IDs noted with their current replacement):
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1007 - System Service Discovery
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1027 - Obfuscated Files or Information
T1027.003 - Steganography
T1027.013 - Encrypted/Encoded File
T1027.016 - Junk Code Insertion
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004 - Masquerade Task or Service
T1036.005 - Match Legitimate Name or Location
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1055.003 - Thread Execution Hijacking
T1055.012 - Process Hollowing
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.005 - Visual Basic
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1073 - DLL Side-Loading (deprecated; now T1574.002)
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1110 - Brute Force
T1112 - Modify Registry
T1113 - Screen Capture
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1192 - Spearphishing Link (deprecated; now T1566.002)
T1193 - Spearphishing Attachment (deprecated; now T1566.001)
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1205 - Traffic Signaling
T1218 - System Binary Proxy Execution
T1218.009 - Regsvcs/Regasm
T1415 - URL Scheme Hijacking (Mobile; deprecated, superseded by T1416)
T1416 - URI Hijacking (Mobile)
T1480 - Execution Guardrails
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1498 - Network Denial of Service
T1531 - Account Access Removal
T1534 - Internal Spearphishing
T1542 - Pre-OS Boot
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548 - Abuse Elevation Control Mechanism
T1553 - Subvert Trust Controls
T1557 - Adversary-in-the-Middle
T1562 - Impair Defenses
T1564 - Hide Artifacts
T1564.001 - Hidden Files and Directories
T1564.003 - Hidden Window
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1567 - Exfiltration Over Web Service
T1568 - Dynamic Resolution
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1583.005 - Botnet
T1583.006 - Web Services
T1584 - Compromise Infrastructure
T1584.001 - Domains
T1584.005 - Botnet
T1586 - Compromise Accounts
T1586.002 - Email Accounts
T1586.003 - Cloud Accounts
T1587 - Develop Capabilities
T1587.001 - Malware
T1587.003 - Digital Certificates
T1588 - Obtain Capabilities
T1588.001 - Malware
T1588.002 - Tool
T1593 - Search Open Websites/Domains
T1595 - Active Scanning
T1598 - Phishing for Information
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1608.004 - Drive-by Target
T1683
T1683.001
T1683.002
T1684
T1684.001
TA0002 - Execution
TA0003 - Persistence
TA0004 - Privilege Escalation
TA0005 - Defense Evasion
TA0007 - Discovery
TA0011 - Command and Control
TA0029 - Privilege Escalation (Mobile)
TA0030 - Defense Evasion (Mobile)
TA0034 - Impact (Mobile)
TA0037 - Command and Control (Mobile)
TA0040 - Impact