CINXE.COM

APT-C-36, Blind Eagle, Group G0099 | MITRE ATT&CK®

<!DOCTYPE html> <html lang='en'> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-62667723-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-62667723-1'); </script> <meta name="google-site-verification" content="2oJKLqNN62z6AOCb0A0IXGtbQuj-lev5YPAHFF_cbHQ"/> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <link rel='shortcut icon' href="/versions/v9/theme/favicon.ico" type='image/x-icon'> <title>APT-C-36, Blind Eagle, Group G0099 | MITRE ATT&CK&reg;</title> <!-- Bootstrap CSS --> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-glyphicon.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-tourist.css" /> <link rel="stylesheet" type="text/css" href="/versions/v9/theme/style.min.css?426cc53a"> </head> <body> <!--stopindex--> <header> <nav class='navbar navbar-expand-lg navbar-dark fixed-top'> <a class='navbar-brand' href="/versions/v9/"><img src="/versions/v9/theme/images/mitre_attack_logo.png" class="attack-logo"></a> <button class='navbar-toggler' type='button' data-toggle='collapse' data-target='#navbarCollapse' aria-controls='navbarCollapse' aria-expanded='false' aria-label='Toggle navigation'> <span class='navbar-toggler-icon'></span> </button> <div class='collapse navbar-collapse' id='navbarCollapse'> <ul class='nav nav-tabs ml-auto'> <li class="nav-item"> <a href="/versions/v9/matrices/" class="nav-link" ><b>Matrices</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/tactics/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Tactics</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/tactics/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/tactics/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/techniques/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Techniques</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/techniques/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/techniques/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/mitigations/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Mitigations</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/mitigations/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/mitigations/mobile/">Mobile</a> </div> </li> <li class="nav-item"> <a href="/versions/v9/groups" class="nav-link" ><b>Groups</b></a> </li> <li class="nav-item"> <a href="/versions/v9/software/" class="nav-link" ><b>Software</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/resources/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Resources</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/resources/">General Information</a> <a class="dropdown-item" href="/versions/v9/resources/getting-started/">Getting Started</a> <a class="dropdown-item" href="/versions/v9/resources/training/">Training</a> <a class="dropdown-item" href="/versions/v9/resources/attackcon/">ATT&CKcon</a> <a class="dropdown-item" href="/versions/v9/resources/working-with-attack/">Working with ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/faq/">FAQ</a> <a class="dropdown-item" href="/resources/updates/">Updates</a> <a class="dropdown-item" href="/resources/versions/">Versions of ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/related-projects/">Related Projects</a> </div> </li> <li class="nav-item"> <a href="https://medium.com/mitre-attack/" target="_blank" class="nav-link"> <b>Blog</b>&nbsp; <img src="/versions/v9/theme/images/external-site.svg" alt="External site" class="external-icon" /> </a> </li> <li class="nav-item"> <a href="/versions/v9/resources/contribute/" class="nav-link" ><b>Contribute</b></a> </li> <li class="nav-item"> <button id="search-button" class="btn search-button">Search <div class="search-icon"></div></button> </li> </ul> </div> </nav> </header> <!-- don't edit or remove the line below even though it's commented out, it gets parsed and replaced by the versioning feature --> <div class="container-fluid version-banner"><div class="icon-inline baseline mr-1"><img src="/versions/v9/theme/images/icon-warning-24px.svg"></div>Currently viewing <a href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v9.0" target="_blank">ATT&CK v9.0</a> which was live between April 29, 2021 and October 20, 2021. <a href="/resources/versions/">Learn more about the versioning system</a> or <a href="/">see the live site</a>.</div> <div id='content' class="maincontent"> <!--start-indexing-for-search--> <div class='container-fluid h-100'> <div class='row h-100'> <div class="nav flex-column col-xl-2 col-lg-3 col-md-3 sidebar nav pt-5 pb-3 pl-3 border-right" id="v-tab" role="tablist" aria-orientation="vertical"> <!--stop-indexing-for-search--> <div class="group-nav-desktop-view"> <span class="heading" id="v-home-tab" aria-selected="false">GROUPS</span> <div class="sidenav"> <div class="sidenav-head" id="0-0"> <a href="/versions/v9/groups/"> Overview </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="admin@338-admin@338"> <a href="/versions/v9/groups/G0018/"> admin@338 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ajax Security Team-Ajax Security Team"> <a href="/versions/v9/groups/G0130/"> Ajax Security Team </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="APT-C-36-APT-C-36"> <a href="/versions/v9/groups/G0099/"> APT-C-36 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT1-APT1"> <a href="/versions/v9/groups/G0006/"> APT1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT12-APT12"> <a href="/versions/v9/groups/G0005/"> APT12 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT16-APT16"> <a href="/versions/v9/groups/G0023/"> APT16 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT17-APT17"> <a href="/versions/v9/groups/G0025/"> APT17 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT18-APT18"> <a href="/versions/v9/groups/G0026/"> APT18 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT19-APT19"> <a href="/versions/v9/groups/G0073/"> APT19 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT28-APT28"> <a href="/versions/v9/groups/G0007/"> APT28 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT29-APT29"> <a href="/versions/v9/groups/G0016/"> APT29 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT3-APT3"> <a href="/versions/v9/groups/G0022/"> APT3 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT30-APT30"> <a href="/versions/v9/groups/G0013/"> APT30 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT32-APT32"> <a href="/versions/v9/groups/G0050/"> APT32 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT33-APT33"> <a href="/versions/v9/groups/G0064/"> APT33 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT37-APT37"> <a href="/versions/v9/groups/G0067/"> APT37 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT38-APT38"> <a href="/versions/v9/groups/G0082/"> APT38 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT39-APT39"> <a href="/versions/v9/groups/G0087/"> APT39 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="APT41-APT41"> <a href="/versions/v9/groups/G0096/"> APT41 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Axiom-Axiom"> <a href="/versions/v9/groups/G0001/"> Axiom </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BlackOasis-BlackOasis"> <a href="/versions/v9/groups/G0063/"> BlackOasis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BlackTech-BlackTech"> <a href="/versions/v9/groups/G0098/"> BlackTech </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Blue Mockingbird-Blue Mockingbird"> <a href="/versions/v9/groups/G0108/"> Blue Mockingbird </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bouncing Golf-Bouncing Golf"> <a href="/versions/v9/groups/G0097/"> Bouncing Golf </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BRONZE BUTLER-BRONZE BUTLER"> <a href="/versions/v9/groups/G0060/"> BRONZE BUTLER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Carbanak-Carbanak"> <a href="/versions/v9/groups/G0008/"> Carbanak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Chimera-Chimera"> <a href="/versions/v9/groups/G0114/"> Chimera </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cleaver-Cleaver"> <a href="/versions/v9/groups/G0003/"> Cleaver </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cobalt Group-Cobalt Group"> <a href="/versions/v9/groups/G0080/"> Cobalt Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CopyKittens-CopyKittens"> <a href="/versions/v9/groups/G0052/"> CopyKittens </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dark Caracal-Dark Caracal"> <a href="/versions/v9/groups/G0070/"> Dark Caracal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Darkhotel-Darkhotel"> <a href="/versions/v9/groups/G0012/"> Darkhotel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DarkHydrus-DarkHydrus"> <a href="/versions/v9/groups/G0079/"> DarkHydrus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DarkVishnya-DarkVishnya"> <a href="/versions/v9/groups/G0105/"> DarkVishnya </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Deep Panda-Deep Panda"> <a href="/versions/v9/groups/G0009/"> Deep Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dragonfly-Dragonfly"> <a href="/versions/v9/groups/G0035/"> Dragonfly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dragonfly 2.0-Dragonfly 2.0"> <a href="/versions/v9/groups/G0074/"> Dragonfly 2.0 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DragonOK-DragonOK"> <a href="/versions/v9/groups/G0017/"> DragonOK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dust Storm-Dust Storm"> <a href="/versions/v9/groups/G0031/"> Dust Storm </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Elderwood-Elderwood"> <a href="/versions/v9/groups/G0066/"> Elderwood </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Equation-Equation"> <a href="/versions/v9/groups/G0020/"> Equation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Evilnum-Evilnum"> <a href="/versions/v9/groups/G0120/"> Evilnum </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FIN10-FIN10"> <a href="/versions/v9/groups/G0051/"> FIN10 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FIN4-FIN4"> <a href="/versions/v9/groups/G0085/"> FIN4 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FIN5-FIN5"> <a href="/versions/v9/groups/G0053/"> FIN5 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FIN6-FIN6"> <a href="/versions/v9/groups/G0037/"> FIN6 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FIN7-FIN7"> <a href="/versions/v9/groups/G0046/"> FIN7 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FIN8-FIN8"> <a href="/versions/v9/groups/G0061/"> FIN8 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Fox Kitten-Fox Kitten"> <a href="/versions/v9/groups/G0117/"> Fox Kitten </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Frankenstein-Frankenstein"> <a href="/versions/v9/groups/G0101/"> Frankenstein </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GALLIUM-GALLIUM"> <a href="/versions/v9/groups/G0093/"> GALLIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gallmaker-Gallmaker"> <a href="/versions/v9/groups/G0084/"> Gallmaker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gamaredon Group-Gamaredon Group"> <a href="/versions/v9/groups/G0047/"> Gamaredon Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GCMAN-GCMAN"> <a href="/versions/v9/groups/G0036/"> GCMAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GOLD SOUTHFIELD-GOLD SOUTHFIELD"> <a href="/versions/v9/groups/G0115/"> GOLD SOUTHFIELD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gorgon Group-Gorgon Group"> <a href="/versions/v9/groups/G0078/"> Gorgon Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Group5-Group5"> <a href="/versions/v9/groups/G0043/"> Group5 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HAFNIUM-HAFNIUM"> <a href="/versions/v9/groups/G0125/"> HAFNIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Higaisa-Higaisa"> <a href="/versions/v9/groups/G0126/"> Higaisa </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Honeybee-Honeybee"> <a href="/versions/v9/groups/G0072/"> Honeybee </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Inception-Inception"> <a href="/versions/v9/groups/G0100/"> Inception </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Indrik Spider-Indrik Spider"> <a href="/versions/v9/groups/G0119/"> Indrik Spider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ke3chang-Ke3chang"> <a href="/versions/v9/groups/G0004/"> Ke3chang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kimsuky-Kimsuky"> <a href="/versions/v9/groups/G0094/"> Kimsuky </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lazarus Group-Lazarus Group"> <a href="/versions/v9/groups/G0032/"> Lazarus Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Leafminer-Leafminer"> <a href="/versions/v9/groups/G0077/"> Leafminer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Leviathan-Leviathan"> <a href="/versions/v9/groups/G0065/"> Leviathan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lotus Blossom-Lotus Blossom"> <a href="/versions/v9/groups/G0030/"> Lotus Blossom </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Machete-Machete"> <a href="/versions/v9/groups/G0095/"> Machete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Magic Hound-Magic Hound"> <a href="/versions/v9/groups/G0059/"> Magic Hound </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="menuPass-menuPass"> <a href="/versions/v9/groups/G0045/"> menuPass </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Moafee-Moafee"> <a href="/versions/v9/groups/G0002/"> Moafee </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mofang-Mofang"> <a href="/versions/v9/groups/G0103/"> Mofang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Molerats-Molerats"> <a href="/versions/v9/groups/G0021/"> Molerats </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MuddyWater-MuddyWater"> <a href="/versions/v9/groups/G0069/"> MuddyWater </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mustang Panda-Mustang Panda"> <a href="/versions/v9/groups/G0129/"> Mustang Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Naikon-Naikon"> <a href="/versions/v9/groups/G0019/"> Naikon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NEODYMIUM-NEODYMIUM"> <a href="/versions/v9/groups/G0055/"> NEODYMIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Night Dragon-Night Dragon"> <a href="/versions/v9/groups/G0014/"> Night Dragon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OilRig-OilRig"> <a href="/versions/v9/groups/G0049/"> OilRig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Operation Wocao-Operation Wocao"> <a href="/versions/v9/groups/G0116/"> Operation Wocao </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Orangeworm-Orangeworm"> <a href="/versions/v9/groups/G0071/"> Orangeworm </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Patchwork-Patchwork"> <a href="/versions/v9/groups/G0040/"> Patchwork </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PittyTiger-PittyTiger"> <a href="/versions/v9/groups/G0011/"> PittyTiger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PLATINUM-PLATINUM"> <a href="/versions/v9/groups/G0068/"> PLATINUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Poseidon Group-Poseidon Group"> <a href="/versions/v9/groups/G0033/"> Poseidon Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PROMETHIUM-PROMETHIUM"> <a href="/versions/v9/groups/G0056/"> PROMETHIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Putter Panda-Putter Panda"> <a href="/versions/v9/groups/G0024/"> Putter Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Rancor-Rancor"> <a href="/versions/v9/groups/G0075/"> Rancor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Rocke-Rocke"> <a href="/versions/v9/groups/G0106/"> Rocke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RTM-RTM"> <a href="/versions/v9/groups/G0048/"> RTM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sandworm Team-Sandworm Team"> <a href="/versions/v9/groups/G0034/"> Sandworm Team </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Scarlet Mimic-Scarlet Mimic"> <a href="/versions/v9/groups/G0029/"> Scarlet Mimic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sharpshooter-Sharpshooter"> <a href="/versions/v9/groups/G0104/"> Sharpshooter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sidewinder-Sidewinder"> <a href="/versions/v9/groups/G0121/"> Sidewinder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Silence-Silence"> <a href="/versions/v9/groups/G0091/"> Silence </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Silent Librarian-Silent Librarian"> <a href="/versions/v9/groups/G0122/"> Silent Librarian </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SilverTerrier-SilverTerrier"> <a href="/versions/v9/groups/G0083/"> SilverTerrier </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sowbug-Sowbug"> <a href="/versions/v9/groups/G0054/"> Sowbug </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Stealth Falcon-Stealth Falcon"> <a href="/versions/v9/groups/G0038/"> Stealth Falcon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Stolen Pencil-Stolen Pencil"> <a href="/versions/v9/groups/G0086/"> Stolen Pencil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Strider-Strider"> <a href="/versions/v9/groups/G0041/"> Strider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Suckfly-Suckfly"> <a href="/versions/v9/groups/G0039/"> Suckfly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TA459-TA459"> <a href="/versions/v9/groups/G0062/"> TA459 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TA505-TA505"> <a href="/versions/v9/groups/G0092/"> TA505 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TA551-TA551"> <a href="/versions/v9/groups/G0127/"> TA551 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Taidoor-Taidoor"> <a href="/versions/v9/groups/G0015/"> Taidoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TEMP.Veles-TEMP.Veles"> <a href="/versions/v9/groups/G0088/"> TEMP.Veles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="The White Company-The White Company"> <a href="/versions/v9/groups/G0089/"> The White Company </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Threat Group-1314-Threat Group-1314"> <a href="/versions/v9/groups/G0028/"> Threat Group-1314 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Threat Group-3390-Threat Group-3390"> <a href="/versions/v9/groups/G0027/"> Threat Group-3390 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Thrip-Thrip"> <a href="/versions/v9/groups/G0076/"> Thrip </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Tropic Trooper-Tropic Trooper"> <a href="/versions/v9/groups/G0081/"> Tropic Trooper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Turla-Turla"> <a href="/versions/v9/groups/G0010/"> Turla </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Volatile Cedar-Volatile Cedar"> <a href="/versions/v9/groups/G0123/"> Volatile Cedar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Whitefly-Whitefly"> <a href="/versions/v9/groups/G0107/"> Whitefly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Windigo-Windigo"> <a href="/versions/v9/groups/G0124/"> Windigo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Windshift-Windshift"> <a href="/versions/v9/groups/G0112/"> Windshift </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Winnti Group-Winnti Group"> <a href="/versions/v9/groups/G0044/"> Winnti Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WIRTE-WIRTE"> <a href="/versions/v9/groups/G0090/"> WIRTE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Wizard Spider-Wizard Spider"> <a href="/versions/v9/groups/G0102/"> Wizard Spider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ZIRCONIUM-ZIRCONIUM"> <a href="/versions/v9/groups/G0128/"> ZIRCONIUM </a> </div> </div> </div> <div class="group-nav-mobile-view"> <span class="heading" id="v-home-tab" aria-selected="false">GROUPS</span> <div class="sidenav"> <div class="sidenav-head" id="0-0"> <a href="/versions/v9/groups/"> Overview </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="9bc10ab42f5041809586a8061be87f54"> <span>A-B</span> <div class="expand-button collapsed" id="9bc10ab42f5041809586a8061be87f54-header" data-toggle="collapse" data-target="#9bc10ab42f5041809586a8061be87f54-body" aria-expanded="false" aria-controls="#9bc10ab42f5041809586a8061be87f54-body"></div> </div> <div class="sidenav-body collapse" id="9bc10ab42f5041809586a8061be87f54-body" aria-labelledby="9bc10ab42f5041809586a8061be87f54-header"> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-eb897c1f5ad6440c8f00aec9a67b84c6"> <a href="/versions/v9/groups/G0018/"> admin@338 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-8fd5ab8725924d97ba0b2eba004f2fee"> <a href="/versions/v9/groups/G0130/"> Ajax Security Team </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="9bc10ab42f5041809586a8061be87f54-c32bf624d6bf42ce95707467e8b90269"> <a href="/versions/v9/groups/G0099/"> APT-C-36 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-0c3154fe96b343078274c0dc2f23dda1"> <a href="/versions/v9/groups/G0006/"> APT1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-843a69656c2b482bb3b10d76f7c6e16f"> <a href="/versions/v9/groups/G0005/"> APT12 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-1ab49126b7894fcfae69deeac14618fc"> <a href="/versions/v9/groups/G0023/"> APT16 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-f88228946e41453e92e38c5866a4212f"> <a href="/versions/v9/groups/G0025/"> APT17 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-26f2dc710f78450dbbc1be11faa21ddd"> <a href="/versions/v9/groups/G0026/"> APT18 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-1fdff936c860439ebe70a7ff3be5989d"> <a href="/versions/v9/groups/G0073/"> APT19 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-fb8607b2690341d89cde7ca7a69c91c6"> <a href="/versions/v9/groups/G0007/"> APT28 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-9e54c5fbd52e4859b9fc4fcf11335e4c"> <a href="/versions/v9/groups/G0016/"> APT29 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-3a223da5b87447f0bbd859a5bba79ce0"> <a href="/versions/v9/groups/G0022/"> APT3 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-0fc20a27442549099f96a0595e939e69"> <a href="/versions/v9/groups/G0013/"> APT30 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-311b6fd499004f0ab3c936b9a5db4817"> <a href="/versions/v9/groups/G0050/"> APT32 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-f2d9fa39e41344d3bb3e0d64ba14a219"> <a href="/versions/v9/groups/G0064/"> APT33 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-4706e13c21cf48e59061dbbaab2ecc84"> <a href="/versions/v9/groups/G0067/"> APT37 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-080b6603df0c41b394986e93492c6baa"> <a href="/versions/v9/groups/G0082/"> APT38 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-4df65ad27985448e8d0570867a13bf45"> <a href="/versions/v9/groups/G0087/"> APT39 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-06a4b5899d3549e3aa5e4d4ac0adc511"> <a href="/versions/v9/groups/G0096/"> APT41 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-f1cd11a66db84516a3520405067f85dc"> <a href="/versions/v9/groups/G0001/"> Axiom </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-5fc1a029befe48b587d4dece1a6bfeeb"> <a href="/versions/v9/groups/G0063/"> BlackOasis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-7d8f8060918143018a61b7d75fae5d61"> <a href="/versions/v9/groups/G0098/"> BlackTech </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-3c28366e21404f609b54930888771a75"> <a href="/versions/v9/groups/G0108/"> Blue Mockingbird </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-b83df494e0cf43a7a348dcfe001722de"> <a href="/versions/v9/groups/G0097/"> Bouncing Golf </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9bc10ab42f5041809586a8061be87f54-8080a2475195401ab077c1180ab335bb"> <a href="/versions/v9/groups/G0060/"> BRONZE BUTLER </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="c9652acf849c48b6b237f8b1ebf4fe78"> <span>C-D</span> <div class="expand-button collapsed" id="c9652acf849c48b6b237f8b1ebf4fe78-header" data-toggle="collapse" data-target="#c9652acf849c48b6b237f8b1ebf4fe78-body" aria-expanded="false" aria-controls="#c9652acf849c48b6b237f8b1ebf4fe78-body"></div> </div> <div class="sidenav-body collapse" id="c9652acf849c48b6b237f8b1ebf4fe78-body" aria-labelledby="c9652acf849c48b6b237f8b1ebf4fe78-header"> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-db8b931f952d412e9d12e18c2c6681fc"> <a href="/versions/v9/groups/G0008/"> Carbanak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-f3581612c373478bad1829f9b42d6481"> <a href="/versions/v9/groups/G0114/"> Chimera </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-dd4c80e77f3e489eb664554c42cdd0ab"> <a href="/versions/v9/groups/G0003/"> Cleaver </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-b1e7f8f3bf7d4258b62f192b87703106"> <a href="/versions/v9/groups/G0080/"> Cobalt Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-1d8331b206264aa0bd4524d9de1ef598"> <a href="/versions/v9/groups/G0052/"> CopyKittens </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-147b48ccc2654c4fb25185883229826b"> <a href="/versions/v9/groups/G0070/"> Dark Caracal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-634f2cae3e0442dba2d09fc987e39e6d"> <a href="/versions/v9/groups/G0012/"> Darkhotel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-50e56472a5ed4f6195061236a3fb3d00"> <a href="/versions/v9/groups/G0079/"> DarkHydrus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-08a60dc295e846d89694ff96717072b6"> <a href="/versions/v9/groups/G0105/"> DarkVishnya </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-15a1180154b449aa9c27c65a46dc074b"> <a href="/versions/v9/groups/G0009/"> Deep Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-995ee427b54e4a9aae324ad3f081b0db"> <a href="/versions/v9/groups/G0035/"> Dragonfly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-41c57f3ed8b240c0a8c6120a2652495c"> <a href="/versions/v9/groups/G0074/"> Dragonfly 2.0 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-8b316a89b77e4e7f837bd4b1f4fad10c"> <a href="/versions/v9/groups/G0017/"> DragonOK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="c9652acf849c48b6b237f8b1ebf4fe78-a4100800c4f1428bbbe2540845511483"> <a href="/versions/v9/groups/G0031/"> Dust Storm </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="9f2eecc86c504f9eabd959d63728aaa1"> <span>E-F</span> <div class="expand-button collapsed" id="9f2eecc86c504f9eabd959d63728aaa1-header" data-toggle="collapse" data-target="#9f2eecc86c504f9eabd959d63728aaa1-body" aria-expanded="false" aria-controls="#9f2eecc86c504f9eabd959d63728aaa1-body"></div> </div> <div class="sidenav-body collapse" id="9f2eecc86c504f9eabd959d63728aaa1-body" aria-labelledby="9f2eecc86c504f9eabd959d63728aaa1-header"> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-59ce950244e04dbc8dba513a6a773287"> <a href="/versions/v9/groups/G0066/"> Elderwood </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-0cba5b5ed65b4029be092df210cff9aa"> <a href="/versions/v9/groups/G0020/"> Equation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-3f10859e19074cfb95f376c246350cc5"> <a href="/versions/v9/groups/G0120/"> Evilnum </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-0842ff6a6e21414ba8f475a9bb395a7c"> <a href="/versions/v9/groups/G0051/"> FIN10 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-7b7338533d7b4c54bc0ef9eaf4d1a251"> <a href="/versions/v9/groups/G0085/"> FIN4 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-6af19e38aa4d4b57b5c0606f5a7e8391"> <a href="/versions/v9/groups/G0053/"> FIN5 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-6464cb233f6f4c53b1ab5db10f23a210"> <a href="/versions/v9/groups/G0037/"> FIN6 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-48bd3bce115544c5952947533d0b60a3"> <a href="/versions/v9/groups/G0046/"> FIN7 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-372710aab0084f3c8aba309b6ef2d212"> <a href="/versions/v9/groups/G0061/"> FIN8 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-b8594e11427448c3a8224726c17cd747"> <a href="/versions/v9/groups/G0117/"> Fox Kitten </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9f2eecc86c504f9eabd959d63728aaa1-e33946268c9c4844bfcde0970048b263"> <a href="/versions/v9/groups/G0101/"> Frankenstein </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="7f34b9e0316841f8b1c5533bc278a8d4"> <span>G-H</span> <div class="expand-button collapsed" id="7f34b9e0316841f8b1c5533bc278a8d4-header" data-toggle="collapse" data-target="#7f34b9e0316841f8b1c5533bc278a8d4-body" aria-expanded="false" aria-controls="#7f34b9e0316841f8b1c5533bc278a8d4-body"></div> </div> <div class="sidenav-body collapse" id="7f34b9e0316841f8b1c5533bc278a8d4-body" aria-labelledby="7f34b9e0316841f8b1c5533bc278a8d4-header"> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-4b7069ae092f469582d5726f70b96eb1"> <a href="/versions/v9/groups/G0093/"> GALLIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-db030a3ae5d3425e8cc3ccf2cfb84f3b"> <a href="/versions/v9/groups/G0084/"> Gallmaker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-1bebf0070465403494974a0af6d52786"> <a href="/versions/v9/groups/G0047/"> Gamaredon Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-f69559b91b06468eb923b635e71bcede"> <a href="/versions/v9/groups/G0036/"> GCMAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-f4789813e37546e89840f110bdcafdba"> <a href="/versions/v9/groups/G0115/"> GOLD SOUTHFIELD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-c4e44253bd5b4a829356d7689056c55f"> <a href="/versions/v9/groups/G0078/"> Gorgon Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-16adea168fef439786f2d924ab908d83"> <a href="/versions/v9/groups/G0043/"> Group5 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-ccffcc3471bf43b5946a606b0a4b9b1a"> <a href="/versions/v9/groups/G0125/"> HAFNIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-a887df3159bc46088852185e877d7b11"> <a href="/versions/v9/groups/G0126/"> Higaisa </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7f34b9e0316841f8b1c5533bc278a8d4-82b66952833942b781e7d85766e990f8"> <a href="/versions/v9/groups/G0072/"> Honeybee </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="69cb6ac7c257408dbc2b1f5e09965b3f"> <span>I-J</span> <div class="expand-button collapsed" id="69cb6ac7c257408dbc2b1f5e09965b3f-header" data-toggle="collapse" data-target="#69cb6ac7c257408dbc2b1f5e09965b3f-body" aria-expanded="false" aria-controls="#69cb6ac7c257408dbc2b1f5e09965b3f-body"></div> </div> <div class="sidenav-body collapse" id="69cb6ac7c257408dbc2b1f5e09965b3f-body" aria-labelledby="69cb6ac7c257408dbc2b1f5e09965b3f-header"> <div class="sidenav"> <div class="sidenav-head" id="69cb6ac7c257408dbc2b1f5e09965b3f-e0f25da1e47241ed9003cf925c208671"> <a href="/versions/v9/groups/G0100/"> Inception </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="69cb6ac7c257408dbc2b1f5e09965b3f-2bcf49313dcf44908e4b514a118ec380"> <a href="/versions/v9/groups/G0119/"> Indrik Spider </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="cdc4d061012c45d89f82f0ccefd42bbb"> <span>K-L</span> <div class="expand-button collapsed" id="cdc4d061012c45d89f82f0ccefd42bbb-header" data-toggle="collapse" data-target="#cdc4d061012c45d89f82f0ccefd42bbb-body" aria-expanded="false" aria-controls="#cdc4d061012c45d89f82f0ccefd42bbb-body"></div> </div> <div class="sidenav-body collapse" id="cdc4d061012c45d89f82f0ccefd42bbb-body" aria-labelledby="cdc4d061012c45d89f82f0ccefd42bbb-header"> <div class="sidenav"> <div class="sidenav-head" id="cdc4d061012c45d89f82f0ccefd42bbb-61494339efa24892b74cb1bab727ebab"> <a href="/versions/v9/groups/G0004/"> Ke3chang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="cdc4d061012c45d89f82f0ccefd42bbb-7fcbe0dbfca64881b3d90886fa02a057"> <a href="/versions/v9/groups/G0094/"> Kimsuky </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="cdc4d061012c45d89f82f0ccefd42bbb-bdb1c87e10124497bc426a32b425de37"> <a href="/versions/v9/groups/G0032/"> Lazarus Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="cdc4d061012c45d89f82f0ccefd42bbb-26f389bcb54744a2a88e3d8b14ebb187"> <a href="/versions/v9/groups/G0077/"> Leafminer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="cdc4d061012c45d89f82f0ccefd42bbb-01a297ae43e24d27b48dc26f67588c57"> <a href="/versions/v9/groups/G0065/"> Leviathan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="cdc4d061012c45d89f82f0ccefd42bbb-0173fd0276f24cb2addbf1d49af106f1"> <a href="/versions/v9/groups/G0030/"> Lotus Blossom </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="8bba62bbe3cf487eb3d0e1324d5ea3a7"> <span>M-N</span> <div class="expand-button collapsed" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-header" data-toggle="collapse" data-target="#8bba62bbe3cf487eb3d0e1324d5ea3a7-body" aria-expanded="false" aria-controls="#8bba62bbe3cf487eb3d0e1324d5ea3a7-body"></div> </div> <div class="sidenav-body collapse" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-body" aria-labelledby="8bba62bbe3cf487eb3d0e1324d5ea3a7-header"> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-8edbdbed90584c03b70fc818644a5185"> <a href="/versions/v9/groups/G0095/"> Machete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-e84a7ed3b84b4dcfb01df20449c1064d"> <a href="/versions/v9/groups/G0059/"> Magic Hound </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-af944ff295644b2db8f5215c30425187"> <a href="/versions/v9/groups/G0045/"> menuPass </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-76aa410923384ac0b07fab724da445b6"> <a href="/versions/v9/groups/G0002/"> Moafee </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-31eff51171d14109ab2ed1ebeb118bbe"> <a href="/versions/v9/groups/G0103/"> Mofang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-125859f5afd244758c04d908faabd932"> <a href="/versions/v9/groups/G0021/"> Molerats </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-7e1535d22fd949e9a58bafd020550df3"> <a href="/versions/v9/groups/G0069/"> MuddyWater </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-615d6fbe25804bd68bd2f4a1107d920b"> <a href="/versions/v9/groups/G0129/"> Mustang Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-73fa70a5a9cb4c5689c7526e4f66081d"> <a href="/versions/v9/groups/G0019/"> Naikon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-375acf3b572244a08b896bf8466d0a00"> <a href="/versions/v9/groups/G0055/"> NEODYMIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="8bba62bbe3cf487eb3d0e1324d5ea3a7-5eb93e7b5ae146c5b46a5d21fe03a4a7"> <a href="/versions/v9/groups/G0014/"> Night Dragon </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="0ca8ff8ba9024fe09ea2afc61a952501"> <span>O-P</span> <div class="expand-button collapsed" id="0ca8ff8ba9024fe09ea2afc61a952501-header" data-toggle="collapse" data-target="#0ca8ff8ba9024fe09ea2afc61a952501-body" aria-expanded="false" aria-controls="#0ca8ff8ba9024fe09ea2afc61a952501-body"></div> </div> <div class="sidenav-body collapse" id="0ca8ff8ba9024fe09ea2afc61a952501-body" aria-labelledby="0ca8ff8ba9024fe09ea2afc61a952501-header"> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-54768326f6654fb8926eac02f28ad486"> <a href="/versions/v9/groups/G0049/"> OilRig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-0aacbe0d942b4eb28d5d7d2476fcfd52"> <a href="/versions/v9/groups/G0116/"> Operation Wocao </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-e11639e6af294e1d9b8052e5cd1e620f"> <a href="/versions/v9/groups/G0071/"> Orangeworm </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-5e003492658643c897dc46152eaffcb5"> <a href="/versions/v9/groups/G0040/"> Patchwork </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-e1359725d8ae4cc2a16eee5802effde5"> <a href="/versions/v9/groups/G0011/"> PittyTiger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-1529d895bd404a2f8856099b8e8fb640"> <a href="/versions/v9/groups/G0068/"> PLATINUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-d8ce4ed2e7ce4371b8836b1ba5e2cf2d"> <a href="/versions/v9/groups/G0033/"> Poseidon Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-e9fd05a2492241b5bc7d3d99d1e5be94"> <a href="/versions/v9/groups/G0056/"> PROMETHIUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="0ca8ff8ba9024fe09ea2afc61a952501-b2b2da56d6ef4998b5b51cadfa0e4e0f"> <a href="/versions/v9/groups/G0024/"> Putter Panda </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="9c315870cc46405688ed5b4992ea0cd9"> <span>Q-R</span> <div class="expand-button collapsed" id="9c315870cc46405688ed5b4992ea0cd9-header" data-toggle="collapse" data-target="#9c315870cc46405688ed5b4992ea0cd9-body" aria-expanded="false" aria-controls="#9c315870cc46405688ed5b4992ea0cd9-body"></div> </div> <div class="sidenav-body collapse" id="9c315870cc46405688ed5b4992ea0cd9-body" aria-labelledby="9c315870cc46405688ed5b4992ea0cd9-header"> <div class="sidenav"> <div class="sidenav-head" id="9c315870cc46405688ed5b4992ea0cd9-ac912afa8e08410292784c628456c4dd"> <a href="/versions/v9/groups/G0075/"> Rancor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9c315870cc46405688ed5b4992ea0cd9-e37a841ffc72485794a70ba7c13bc8a4"> <a href="/versions/v9/groups/G0106/"> Rocke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="9c315870cc46405688ed5b4992ea0cd9-128de6e01a6b4412a9b684bb75248fe8"> <a href="/versions/v9/groups/G0048/"> RTM </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="87d8075c72ad40fbb19f9022ad8f64b2"> <span>S-T</span> <div class="expand-button collapsed" id="87d8075c72ad40fbb19f9022ad8f64b2-header" data-toggle="collapse" data-target="#87d8075c72ad40fbb19f9022ad8f64b2-body" aria-expanded="false" aria-controls="#87d8075c72ad40fbb19f9022ad8f64b2-body"></div> </div> <div class="sidenav-body collapse" id="87d8075c72ad40fbb19f9022ad8f64b2-body" aria-labelledby="87d8075c72ad40fbb19f9022ad8f64b2-header"> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-5016020b8dd34724af6755ba6ec71120"> <a href="/versions/v9/groups/G0034/"> Sandworm Team </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-701e7ac2250642b481d565530e3de2e1"> <a href="/versions/v9/groups/G0029/"> Scarlet Mimic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-d297ba1ca5094ca594b4f9effd3d2a63"> <a href="/versions/v9/groups/G0104/"> Sharpshooter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-d7375e52b3a04157a6ae508927123b95"> <a href="/versions/v9/groups/G0121/"> Sidewinder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-8722d61de36d488fbe1a5b061595fd95"> <a href="/versions/v9/groups/G0091/"> Silence </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-29bbc5e7d8db40a8886ff19e83a96b41"> <a href="/versions/v9/groups/G0122/"> Silent Librarian </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-a714165996ce4096b5da2a5abbed72c5"> <a href="/versions/v9/groups/G0083/"> SilverTerrier </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-ec9a3b77890f4172b18077a1efb6b0b7"> <a href="/versions/v9/groups/G0054/"> Sowbug </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-a5140dc1144743179e6711320b2b6043"> <a href="/versions/v9/groups/G0038/"> Stealth Falcon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-4b045f80fec54b1db359b2c97504a3e5"> <a href="/versions/v9/groups/G0086/"> Stolen Pencil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-3e720da026d74a0da8910ff0ac0db268"> <a href="/versions/v9/groups/G0041/"> Strider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-69c24c5cfbbe4b039b26265b8b55ebb4"> <a href="/versions/v9/groups/G0039/"> Suckfly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-2825b0b754b94a25bbde6cb5d9780785"> <a href="/versions/v9/groups/G0062/"> TA459 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-a79283297c4943b98dd0b22780f5def6"> <a href="/versions/v9/groups/G0092/"> TA505 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-4dd0f0bc793a4770a237e2616f0b608f"> <a href="/versions/v9/groups/G0127/"> TA551 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-43a8b490c3904cc194247d4e02fc4296"> <a href="/versions/v9/groups/G0015/"> Taidoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-0e740212837d485397e122344e69d4ee"> <a href="/versions/v9/groups/G0088/"> TEMP.Veles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-a03080dbde0840219c117fc3dd9251c8"> <a href="/versions/v9/groups/G0089/"> The White Company </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-bfac41f1e4ed41c18fe176cc94c5b393"> <a href="/versions/v9/groups/G0028/"> Threat Group-1314 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-68731fabd49e404c8160d82eff15b50d"> <a href="/versions/v9/groups/G0027/"> Threat Group-3390 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-23bf52c62b394f2c832876b7cea27d7a"> <a href="/versions/v9/groups/G0076/"> Thrip </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-b40e63fa8c834212b0e3769480b64496"> <a href="/versions/v9/groups/G0081/"> Tropic Trooper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="87d8075c72ad40fbb19f9022ad8f64b2-d87018444dee40e3b3d9904f9f86521c"> <a href="/versions/v9/groups/G0010/"> Turla </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="1a50e36945244146b3675ab05250650d"> <span>U-V</span> <div class="expand-button collapsed" id="1a50e36945244146b3675ab05250650d-header" data-toggle="collapse" data-target="#1a50e36945244146b3675ab05250650d-body" aria-expanded="false" aria-controls="#1a50e36945244146b3675ab05250650d-body"></div> </div> <div class="sidenav-body collapse" id="1a50e36945244146b3675ab05250650d-body" aria-labelledby="1a50e36945244146b3675ab05250650d-header"> <div class="sidenav"> <div class="sidenav-head" id="1a50e36945244146b3675ab05250650d-cb299810c5d643f0b1de3974367e174e"> <a href="/versions/v9/groups/G0123/"> Volatile Cedar </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="4b4931e3517041d3861283faa2b8c343"> <span>W-X</span> <div class="expand-button collapsed" id="4b4931e3517041d3861283faa2b8c343-header" data-toggle="collapse" data-target="#4b4931e3517041d3861283faa2b8c343-body" aria-expanded="false" aria-controls="#4b4931e3517041d3861283faa2b8c343-body"></div> </div> <div class="sidenav-body collapse" id="4b4931e3517041d3861283faa2b8c343-body" aria-labelledby="4b4931e3517041d3861283faa2b8c343-header"> <div class="sidenav"> <div class="sidenav-head" id="4b4931e3517041d3861283faa2b8c343-a11643f4cca04a36893be9e7a5ebad8f"> <a href="/versions/v9/groups/G0107/"> Whitefly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4b4931e3517041d3861283faa2b8c343-8215d91eca124542a1d489bd901c10d5"> <a href="/versions/v9/groups/G0124/"> Windigo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4b4931e3517041d3861283faa2b8c343-7186929dafbe4852b778e8a357d449bf"> <a href="/versions/v9/groups/G0112/"> Windshift </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4b4931e3517041d3861283faa2b8c343-52ba1a0a287943299fe88eac3493c514"> <a href="/versions/v9/groups/G0044/"> Winnti Group </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4b4931e3517041d3861283faa2b8c343-93553aa3a2fd4173af460f9569c879cd"> <a href="/versions/v9/groups/G0090/"> WIRTE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4b4931e3517041d3861283faa2b8c343-6848e592c4ce492bbb368b79ee6e735a"> <a href="/versions/v9/groups/G0102/"> Wizard Spider </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="a5819d5e89464ffabceb17e836662294"> <span>Y-Z</span> <div class="expand-button collapsed" id="a5819d5e89464ffabceb17e836662294-header" data-toggle="collapse" data-target="#a5819d5e89464ffabceb17e836662294-body" aria-expanded="false" aria-controls="#a5819d5e89464ffabceb17e836662294-body"></div> </div> <div class="sidenav-body collapse" id="a5819d5e89464ffabceb17e836662294-body" aria-labelledby="a5819d5e89464ffabceb17e836662294-header"> <div class="sidenav"> <div class="sidenav-head" id="a5819d5e89464ffabceb17e836662294-2779946926394bc19a3c66031d634130"> <a href="/versions/v9/groups/G0128/"> ZIRCONIUM </a> </div> </div> </div> </div> </div> <!--start-indexing-for-search--> </div> <div class="tab-content col-xl-10 col-lg-9 col-md-9 pt-4" id="v-tabContent"> <div class="tab-pane fade show active" id="v-attckmatrix" role="tabpanel" aria-labelledby="v-attckmatrix-tab"> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/versions/v9/">Home</a></li> <li class="breadcrumb-item"><a href="/versions/v9/groups/">Groups</a></li> <li class="breadcrumb-item">APT-C-36</li> </ol> <div class="tab-pane fade show active" id="v-" role="tabpanel" aria-labelledby="v--tab"></div> <div class="row"> <div class="col-xl-12"> <div class="jumbotron jumbotron-fluid"> <div class="container-fluid"> <h1> APT-C-36 </h1> <div class="row"> <div class="col-md-8"> <div class="description-body"> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> is a suspected South America espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations in the financial sector, petroleum industry, and professional manufacturing.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </div> </div> <div class="col-md-4"> <div class="card"> <div class="card-body"> <div id="card-id" class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">ID:&nbsp;</span>G0099 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"> <span data-toggle="tooltip" data-placement="left" title="" data-test-ignore="true" data-original-title="Names that have overlapping reference to a group entry and may refer to the same or similar group in threat intelligence reporting">&#9432;</span> </div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Associated Groups</span>: Blind Eagle </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Contributors</span>: Jose Luis S谩nchez Martinez </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Version</span>: 1.0 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Created:&nbsp;</span>05 May 2020 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Last Modified:&nbsp;</span>14 October 2020 </div> </div> </div> </div> <div class="text-center pt-2 version-button permalink"> <div class="live"> <a data-toggle="tooltip" data-placement="bottom" title="Permalink to this version of G0099" href="/versions/v9/groups/G0099/" data-test-ignore="true">Version Permalink</a> </div> <div class="permalink"> <a data-toggle="tooltip" data-placement="bottom" title="Go to the live version of G0099" href="/groups/G0099/" data-test-ignore="true">Live Version</a><!--do not change this line without also changing versions.py--> </div> </div> </div> </div> <h2 class="pt-3" id ="aliasDescription">Associated Group Descriptions</h2> <table class="table table-bordered table-alternate mt-2"> <thead> <tr> <th scope="col">Name</th> <th scope="col">Description</th> </tr> </thead> <tbody> <tr> <td> Blind Eagle </td> <td> <p><span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> </tbody> </table> <!--stop-indexing-for-search--> <div class="dropdown h3 mt-3 float-right"> <button class="btn btn-navy dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>ATT&amp;CK<sup>&reg;</sup> Navigator Layers</b> </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> <h6 class="dropdown-header">Enterprise Layer</h6> <a class="dropdown-item" href="/versions/v9/groups/G0099/G0099-enterprise-layer.json" download target="_blank">download</a> <!-- only show view on navigator link if layer link is defined --> <a class="dropdown-item" href="#" id="view-layer-on-navigator-enterprise" target="_blank">view <img width="10" src="/versions/v9/theme/images/external-site-dark.jpeg"></a> <script src="/versions/v9/theme/scripts/settings.js"></script> <script> if (window.location.protocol == "https:") { //view on navigator only works when this site is hosted on HTTPS layerURL = window.location.protocol + "//" + window.location.host + base_url + "groups/G0099/G0099-enterprise-layer.json"; document.getElementById("view-layer-on-navigator-enterprise").href = "https://mitre-attack.github.io/attack-navigator//#layerURL=" + encodeURIComponent(layerURL); } else { //hide button document.getElementById("view-layer-on-navigator-enterprise").classList.add("d-none"); } </script> </div> </div> <!--start-indexing-for-search--> <h2 class="pt-3" id="techniques">Techniques Used</h2> <table class="table techniques-used table-bordered mt-2"> <thead> <tr> <th class="p-2" scope="col">Domain</th> <th class="p-2" colspan="2">ID</th> <th class="p-2" scope="col">Name</th> <th class="p-2" scope="col">Use</th> </tr> </thead> <tbody> <tr class="sub technique noparent" id="uses-T1059-005"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1059">T1059</a> </td> <td> <a href="/versions/v9/techniques/T1059/005">.005</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v9/techniques/T1059/005">Visual Basic</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has embedded a VBScript within a malicious Word document which is executed upon the document opening.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1105"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1105">T1105</a> </td> <td> <a href="/versions/v9/techniques/T1105">Ingress Tool Transfer</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has downloaded binary data from a specified domain after the malicious document is opened.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1036-004"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1036">T1036</a> </td> <td> <a href="/versions/v9/techniques/T1036/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1036">Masquerading</a>: <a href="/versions/v9/techniques/T1036/004">Masquerade Task or Service</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has disguised its scheduled tasks as those used by Google.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1571"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1571">T1571</a> </td> <td> <a href="/versions/v9/techniques/T1571">Non-Standard Port</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has used port 4050 for C2 communications.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1027"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1027">T1027</a> </td> <td> <a href="/versions/v9/techniques/T1027">Obfuscated Files or Information</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has used ConfuserEx to obfuscate its variant of <a href="/versions/v9/software/S0434">Imminent Monitor</a>, compressed payload and RAT packages, and password protected encrypted email attachments to avoid detection.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1566-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1566">T1566</a> </td> <td> <a href="/versions/v9/techniques/T1566/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1566">Phishing</a>: <a href="/versions/v9/techniques/T1566/001">Spearphishing Attachment</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has used spearphishing emails with password protected RAR attachment to avoid being detected by the email gateway.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span> </p> </td> </tr> <tr class="sub technique noparent" id="uses-T1053-005"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1053">T1053</a> </td> <td> <a href="/versions/v9/techniques/T1053/005">.005</a> </td> <td> <a href="/versions/v9/techniques/T1053">Scheduled Task/Job</a>: <a href="/versions/v9/techniques/T1053/005">Scheduled Task</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has used a macro function to set scheduled tasks, disguised as those used by Google.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1204-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1204">T1204</a> </td> <td> <a href="/versions/v9/techniques/T1204/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1204">User Execution</a>: <a href="/versions/v9/techniques/T1204/002">Malicious File</a> </td> <td> <p><a href="/versions/v9/groups/G0099">APT-C-36</a> has prompted victims to accept macros in order to execute the subsequent payload.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> </tbody> </table> <h2 class="pt-3" id="software">Software</h2> <table class="table table-bordered table-alternate mt-2"> <thead> <tr> <th scope="col">ID</th> <th scope="col">Name</th> <th scope="col">References</th> <th scope="col">Techniques</th> </tr> </thead> <tbody> <tr> <td> <a href="/versions/v9/software/S0434">S0434</a> </td> <td> <a href="/versions/v9/software/S0434">Imminent Monitor</a> </td> <td> <span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="QiAnXin APT-C-36 Feb2019"><sup><a href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span> </td> <td> <a href="/versions/v9/techniques/T1123">Audio Capture</a>, <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>, <a href="/versions/v9/techniques/T1555">Credentials from Password Stores</a>: <a href="/versions/v9/techniques/T1555/003">Credentials from Web Browsers</a>, <a href="/versions/v9/techniques/T1140">Deobfuscate/Decode Files or Information</a>, <a href="/versions/v9/techniques/T1041">Exfiltration Over C2 Channel</a>, <a href="/versions/v9/techniques/T1083">File and Directory Discovery</a>, <a href="/versions/v9/techniques/T1564">Hide Artifacts</a>: <a href="/versions/v9/techniques/T1564/001">Hidden Files and Directories</a>, <a href="/versions/v9/techniques/T1562">Impair Defenses</a>: <a href="/versions/v9/techniques/T1562/001">Disable or Modify Tools</a>, <a href="/versions/v9/techniques/T1070">Indicator Removal on Host</a>: <a href="/versions/v9/techniques/T1070/004">File Deletion</a>, <a href="/versions/v9/techniques/T1056">Input Capture</a>: <a href="/versions/v9/techniques/T1056/001">Keylogging</a>, <a href="/versions/v9/techniques/T1106">Native API</a>, <a href="/versions/v9/techniques/T1027">Obfuscated Files or Information</a>, <a href="/versions/v9/techniques/T1057">Process Discovery</a>, <a href="/versions/v9/techniques/T1021">Remote Services</a>: <a href="/versions/v9/techniques/T1021/001">Remote Desktop Protocol</a>, <a href="/versions/v9/techniques/T1496">Resource Hijacking</a>, <a href="/versions/v9/techniques/T1125">Video Capture</a> </td> </tr> </tbody> </table> <h2 class="pt-3" id="references">References</h2> <div class="row"> <div class="col"> <ol> <li> <span id="scite-1" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-1" href="https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/" target="_blank"> QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020. </a> </span> </span> </li> </ol> </div> <div class="col"> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> <!--stop-indexing-for-search--> <div class="overlay search" id="search-overlay" style="display: none;"> <div class="overlay-inner"> <!-- text input for searching --> <div class="search-header"> <div class="search-input"> <input type="text" id="search-input" placeholder="search"> </div> <div class="search-icons"> <div class="search-parsing-icon spinner-border" style="display: none" id="search-parsing-icon"></div> <div class="close-search-icon" id="close-search-icon">&times;</div> </div> </div> <!-- results and controls for loading more results --> <div id="search-body" class="search-body"> <div class="results" id="search-results"> <!-- content will be appended here on search --> </div> <div id="load-more-results" class="load-more-results"> <button class="btn btn-default" id="load-more-results-button">load more results</button> </div> </div> </div> </div> </div> <footer class="footer p-3"> <div class="container-fluid"> <div class="row"> <div class="col-4 col-sm-4 col-md-3"> <div class="footer-center-responsive my-auto"> <a href="https://www.mitre.org" target="_blank" rel="noopener" aria-label="MITRE"> <img src="/versions/v9/theme/images/mitrelogowhiteontrans.gif" class="mitre-logo-wtrans"> </a> </div> </div> <div class="col-2 col-sm-2 footer-responsive-break"></div> <div class="col-6 col-sm-6 text-center"> <p> 漏 2015-2021, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </p> <div class="row"> <div class="col text-right"> <small> <a href="/versions/v9/resources/privacy" class="footer-link">Privacy Policy</a> </small> </div> <div class="col text-center"> <small> <a href="/versions/v9/resources/terms-of-use" class="footer-link">Terms of Use</a> </small> </div> <div class="col text-left "> <small> <a href="/versions/v9/resources/changelog.html" class="footer-link" data-toggle="tooltip" data-placement="top" title="ATT&amp;CK content version 9.0&#013;Website version 3.3.1">ATT&CK v9.0</a> </small> </div> </div> </div> <div class="w-100 p-2 footer-responsive-break"></div> <div class="col"> <div class="footer-float-right-responsive-brand"> <div class="mb-1"> <a href="https://twitter.com/MITREattack" class="btn btn-primary w-100"> <!-- <i class="fa fa-twitter"></i> --> <img src="/versions/v9/theme/images/twitter.png" class="mr-1 twitter-icon"> <b>@MITREattack</b> </a> </div> <div class=""> <a href="/versions/v9/contact" class="btn btn-primary w-100"> Contact </a> </div> </div> </div> </div> </div> </div> </footer> </div> <!--SCRIPTS--> <script src="/versions/v9/theme/scripts/jquery-3.5.1.min.js"></script> <script src="/versions/v9/theme/scripts/popper.min.js"></script> <script src="/versions/v9/theme/scripts/bootstrap.bundle.min.js"></script> <script src="/versions/v9/theme/scripts/site.js"></script> <script src="/versions/v9/theme/scripts/flexsearch.es5.js"></script> <script src="/versions/v9/theme/scripts/localforage.min.js"></script> <script src="/versions/v9/theme/scripts/settings.js?3957"></script> <script src="/versions/v9/theme/scripts/search_babelized.js"></script> <!--SCRIPTS--> <script src="/versions/v9/theme/scripts/navigation.js"></script> <script src="/versions/v9/theme/scripts/bootstrap-tourist.js"></script> <script src="/versions/v9/theme/scripts/settings.js"></script> <script src="/versions/v9/theme/scripts/tour/tour-relationships.js"></script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10