
APT-C-36 (Blind Eagle) continues to target Colombia

Dec. 17, 2024, 4:34 p.m.

Description

APT-C-36, known as Blind Eagle, is suspected to originate from South America and primarily targets Colombia and other South American countries. Since October 2024, the group has been using more diverse and complex attack methods against Colombian entities. Their tactics involve multi-stage payload delivery and injection, in-memory execution to conceal traces, and anti-debugging techniques. The attack chain uses SVG files as bait, impersonates Colombian government communications, and ultimately deploys the AsyncRAT client for remote control. The group's technical capabilities have notably improved, incorporating techniques such as 'Heaven's Gate' to evade analysis.

Date

Published: Dec. 17, 2024, 3:58 p.m.

Created: Dec. 17, 2024, 3:58 p.m.

Modified: Dec. 17, 2024, 4:34 p.m.

Indicators


Attack Patterns

AsyncRAT

APT-C-36 (Blind Eagle)

T1218.005

T1059.003

T1012

T1497

T1056.001

T1555

T1113

T1204.002

T1573

T1547

T1106

T1082

T1057

T1083

T1055

T1036

T1140

T1132

T1027

Additional Information

Insurance

Finance

Government

Panama

Chile

Colombia

Ecuador