
El Machete

aka: Machete, machete-apt, APT-C-43, G0095

El Machete is one of these threats that was first publicly disclosed and named by Kaspersky. We’ve found that this group has continued to operate successfully, predominantly in Latin America, since 2014. All attackers simply moved to new C2 infrastructure, based largely around dynamic DNS domains, in addition to making minimal changes to the malware in order to evade signature-based detection.


Associated Families
py.lokirat py.pyark win.elmachete_dropper_2022

References
2022-03-31, Check Point Research
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage
https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/
Loki RAT El Machete APT Backdoor Dropper Lyceum .NET DNS Backdoor Lyceum .NET TCP Backdoor Lyceum Golang HTTP Backdoor
2020-09-25, 360 Total Security, kate
APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries - HpReact campaign
https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/
PyArk El Machete
2019-09-13, MITRE, MITRE ATT&CK
Machete
https://attack.mitre.org/groups/G0095/
El Machete
2019, Council on Foreign Relations, Cyber Operations Tracker
Machete
https://www.cfr.org/interactive/cyber-operations/machete
El Machete
2017-03-22, Cylance, Threat Research Team
El Machete's Malware Attacks Cut Through LATAM
https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html
El Machete
2017-03-22, Cylance, Cylance Threat Research Team
El Machete's Malware Attacks Cut Through LATAM
https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html
Machete El Machete
2014-08-20, Kaspersky Labs, GReAT
“El Machete”
https://securelist.com/el-machete/66108/
Machete El Machete

Credits: MISP Project