APT-C-36 (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

APT-C-36 (Back to overview)

aka: Blind Eagle

Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.

Associated Families

win.imminent_monitor_rat win.limerat

References

2023-03-28 ⋅ ANY.RUN ⋅ ANY.RUN
LimeRAT Malware Analysis: Extracting the Config
LimeRAT

2023-02-27 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities
AsyncRAT APT-C-36

2023-01-05 ⋅ Check Point Research ⋅ Marc Salinas Fernandez
Blindeagle Targeting Ecuador with Sharpened Tools
APT-C-36

2023-01-01 ⋅ ThreatMon ⋅ Seyit Sigirci (@h3xecute), ThreatMon Malware Research Team
APT Blind Eagles Malware Arsenal Technical Analysis
LimeRAT

2022-12-12 ⋅ Felipe Tarijon ⋅ Felipe Tarijon
LimeRAT Malware Is Used For Targeting Unskilled Threat Actors
LimeRAT

2022-07-13 ⋅ Trellix ⋅ Mohsin Dalla, Sushant Kumar Arya
Targeted Attack on Government Agencies
AsyncRAT LimeRAT

2022-05-19 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
.NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate

2022-04-05 ⋅ Cisco Talos ⋅ Alex Karkins, Edmund Brumaghin
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
AsyncRAT LimeRAT

2022-03-23 ⋅ ⋅ EcuCert ⋅ EcuCert
APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador
NjRAT APT-C-36

2022-02-26 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Infographic: APTs in South America
Imminent Monitor RAT Machete

2021-10-26 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy

2021-09-20 ⋅ Trend Micro ⋅ Aliakbar Zahravi, William Gamazo Sanchez
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT

2021-09-13 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos

2021-09-13 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos

2021-09-13 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
APT-C-36

2021-05-19 ⋅ ⋅ Politie NL ⋅ Politie NL
Aanhouding in onderzoek naar cybercrime
Imminent Monitor RAT

2021-05-17 ⋅ Lab52 ⋅ Th3spis
Literature lover targeting Colombia with LimeRAT
LimeRAT

2021-03-16 ⋅ Morphisec ⋅ Nadav Lorber
Tracking HCrypt: An Active Crypter as a Service
AsyncRAT LimeRAT Remcos

2020-10-05 ⋅ Juniper ⋅ Paul Kimayong
New pastebin-like service used in multiple malware campaigns
Agent Tesla LimeRAT RedLine Stealer

2020-05-05 ⋅ MITRE ATT&CK ⋅ Jose Luis Sánchez Martínez
APT-C-36
APT-C-36

2020-02-13 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy

2020-01-31 ⋅ ReversingLabs ⋅ Robert Simmons
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT

2020-01-15 ⋅ Lab52 ⋅ ml10
APT-C-36 recent activity analysis
LimeRAT APT-C-36

2020-01-09 ⋅ The State of Security ⋅ Graham Clueley
Man jailed for using webcam RAT to spy on women in their bedrooms
Imminent Monitor RAT

2020-01-01 ⋅ Secureworks ⋅ SecureWorks
COBALT TRINITY
POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33

2019-12-02 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Imminent Monitor – a RAT Down Under
Imminent Monitor RAT

2019-10-16 ⋅ LimeRat
LimeRat
LimeRAT

2019-06-24 ⋅ Github (NYAN-x-CAT) ⋅ NYAN-x-CAT
LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
LimeRAT

2019-04-09 ⋅ Yoroi ⋅ Luca Mella, Luigi Martire
LimeRAT spreads in the wild
LimeRAT

2019-02-18 ⋅ 360 Threat Intelligence ⋅ Anxin Threat Intelligence Center
APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations
Imminent Monitor RAT APT-C-36

2016-01-23 ⋅ LinkCabin ⋅ LinkCabin
Imminent Monitor 4 RAT Analysis – A Glance
Imminent Monitor RAT

Credits: MISP Project