APT-C-36 (Blind Eagle) continues to target Colombia

Dec. 17, 2024, 4:34 p.m.

Description

APT-C-36, also known as Blind Eagle, is suspected to originate from South America and primarily targets Colombia and other South American countries. Since October 2024, the group has been using more diverse and complex attack methods against Colombian entities. Its tactics include multi-stage payload delivery and injection, in-memory execution to conceal traces, and anti-debugging techniques. The attack chain uses SVG files as lures, impersonates Colombian government communications, and ultimately deploys the AsyncRAT client for remote control. The group's technical capabilities have notably improved, incorporating techniques such as 'Heaven's Gate' to evade analysis.

Date

  • Created: Dec. 17, 2024, 3:58 p.m.
  • Published: Dec. 17, 2024, 3:58 p.m.
  • Modified: Dec. 17, 2024, 4:34 p.m.

Indicators

  • 95b538b47e02d0ad2bd15d47efc18695d5e379ef61568b81ef405773d9c199bb
  • b7d3bc460a17e1b43c9ff09786e44ea4033710538bdb539400b55e5b80d0b338
  • 69a90665113bd73b30360d87f7f6ed2c789a90a67f3b6e86474e21273a64f699
  • warpower.dynuddns.net

Attack Patterns

Additional Information

  • Insurance
  • Finance
  • Government
  • Panama
  • Chile
  • Colombia
  • Ecuador