APT-C-36

APT-C-36Blind EagleTAG-144AguilaCiegaAPT-Q-98

[APT-C-36](https://attack.mitre.org/groups/G0099) is a suspected South American threat group that has engaged in espionage and financially motivated operations since at least 2018. [APT-C-36](https://attack.mitre.org/groups/G0099) has targeted government institutions and entities in the financial, energy, and professional manufacturing sectors across Colombia and other Latin American countries.(Citation: QiAnXin APT-C-36 Feb2019)(Citation: Kaspersky BlindEagle AUG 2024)(Citation: Check Point Blind Eagle MAR 2025)(Citation: Recorded Future TAG-144 AUG 2025)

Techniques

Covered

Gaps

79%

Coverage

Coverage30/38

GAPS (8)

T1027.016Junk Code Insertion T1583.003Virtual Private Server T1584.005Botnet T1586.002Email Accounts T1593Search Open Websites/Domains T1683.001Written Content T1683.002Audio-Visual Content T1684.001Impersonation

COVERED (30)

T1027Obfuscated Files or Information561 det.T1027.003Steganography5 det.T1027.013Encrypted/Encoded File8 det.T1036.004Masquerade Task or Service7 det.T1036.005Match Legitimate Resource Name or Location44 det.T1047Windows Management Instrumentation87 det.T1053.005Scheduled Task99 det.T1055.012Process Hollowing9 det.T1059.001PowerShell368 det.T1059.005Visual Basic68 det.T1059.007JavaScript61 det.T1105Ingress Tool Transfer183 det.T1133External Remote Services72 det.T1204.001Malicious Link10 det.T1204.002Malicious File425 det.T1480Execution Guardrails1 det.T1534Internal Spearphishing193 det.T1564.003Hidden Window11 det.T1566.001Spearphishing Attachment905 det.T1566.002Spearphishing Link904 det.T1568Dynamic Resolution10 det.T1571Non-Standard Port16 det.T1574.001DLL109 det.T1583.001Domains61 det.T1583.006Web Services1 det.T1586.003Cloud Accounts36 det.T1587.001Malware10 det.T1588.001Malware2 det.T1588.002Tool13 det.T1608.001Upload Malware3 det.