{
	"id": "eae527f5-ca6b-4c38-9106-fd2afd382967",
	"created_at": "2026-04-06T00:13:41.622111Z",
	"updated_at": "2026-04-10T03:35:20.338666Z",
	"deleted_at": null,
	"sha1_hash": "adc80e1a9a6d5ad5479bd4f7e4f3ac500cc3fa49",
	"title": "Blind Eagle - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 60136,
	"plain_text": "Blind Eagle - Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:40:12 UTC\r\n APT group: Blind Eagle\r\nNames\r\nBlind Eagle (Qihoo 360)\r\nAPT-C-36 (Qihoo 360)\r\nAguilaCiega (?)\r\nAPT-Q-98 (?)\r\nG0099 (MITRE)\r\nCountry Colombia\r\nMotivation Information theft and espionage, Financial crime\r\nFirst seen 2018\r\nDescription\r\n(Qihoo 360) Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected\r\ncoming from South America carried out continuous targeted attacks against\r\nColombian government institutions as well as important corporations in financial\r\nsector, petroleum industry, professional manufacturing, etc.\r\nTill this moment, 360 Threat Intelligence Center captured 29 bait documents, 62\r\nTrojan samples and multiple related malicious domains in total. Attackers are\r\ntargeting Windows platform and aiming at government institutions as well as big\r\ncompanies in Colombia.\r\nObserved\r\nSectors: Education, Energy, Financial, Government, Healthcare, Manufacturing,\r\nTransportation and large domestic companies and multinational corporation\r\nbranches.\r\nCountries: Chile, Colombia, Ecuador, Panama, Spain, USA.\r\nTools used\r\nAsyncRAT, BitRAT, BlotchyQuasar, Imminent Monitor RAT, njRAT, LimeRAT,\r\nRemcosRAT, Warzone RAT.\r\nOperations performed\r\nSep 2021\r\nAPT-C-36 Updates Its Spam Campaign Against South American\r\nEntities With Commodity RATs\r\n\u003chttps://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html\u003e\r\n2022 BlindEagle Targeting Ecuador With Sharpened Tools\r\n\u003chttps://research.checkpoint.com/2023/blindeagle-targeting-ecuador-https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1421d8ca-9aff-4245-8ee4-cdf72c4c65c5\r\nPage 1 of 2\n\nwith-sharpened-tools/\u003e\nFeb 2023\nBlind Eagle Deploys Fake UUE Files and Fsociety to Target\nColombia's Judiciary, Financial, Public, and Law Enforcement\nEntities\nMar 2023\nBlindEagle flying high in Latin America\nJul 2023\nBlind Eagle's North American Journey\nJun 2024\nBlindEagle Targets Colombian Insurance Sector with BlotchyQuasar\nNov 2024\nThe Growing Danger of Blind Eagle: One of Latin America’s Most\nDangerous Cyber Criminal Groups Targets Colombia\nInformation\nMITRE ATT\u0026CK Last change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1421d8ca-9aff-4245-8ee4-cdf72c4c65c5\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=1421d8ca-9aff-4245-8ee4-cdf72c4c65c5\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1421d8ca-9aff-4245-8ee4-cdf72c4c65c5"
	],
	"report_names": [
		"showcard.cgi?u=1421d8ca-9aff-4245-8ee4-cdf72c4c65c5"
	],
	"threat_actors": [
		{
			"id": "98b22fd7-bf1b-41a6-b51c-0e33a0ffd813",
			"created_at": "2022-10-25T15:50:23.688973Z",
			"updated_at": "2026-04-10T02:00:05.390055Z",
			"deleted_at": null,
			"main_name": "APT-C-36",
			"aliases": [
				"APT-C-36",
				"Blind Eagle"
			],
			"source_name": "MITRE:APT-C-36",
			"tools": [
				"Imminent Monitor"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "be597b07-0cde-47bc-80c3-790a8df34af4",
			"created_at": "2022-10-25T16:07:23.407484Z",
			"updated_at": "2026-04-10T02:00:04.58656Z",
			"deleted_at": null,
			"main_name": "Blind Eagle",
			"aliases": [
				"APT-C-36",
				"APT-Q-98",
				"AguilaCiega",
				"G0099"
			],
			"source_name": "ETDA:Blind Eagle",
			"tools": [
				"AsyncRAT",
				"BitRAT",
				"Bladabindi",
				"BlotchyQuasar",
				"Imminent Monitor",
				"Imminent Monitor RAT",
				"Jorik",
				"LimeRAT",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"Socmer",
				"Warzone",
				"Warzone RAT",
				"njRAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bd43391b-b835-4cb3-839a-d830aa1a3410",
			"created_at": "2023-01-06T13:46:38.925525Z",
			"updated_at": "2026-04-10T02:00:03.147197Z",
			"deleted_at": null,
			"main_name": "APT-C-36",
			"aliases": [
				"Blind Eagle"
			],
			"source_name": "MISPGALAXY:APT-C-36",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434421,
	"ts_updated_at": 1775792120,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/adc80e1a9a6d5ad5479bd4f7e4f3ac500cc3fa49.pdf",
		"text": "https://archive.orkl.eu/adc80e1a9a6d5ad5479bd4f7e4f3ac500cc3fa49.txt",
		"img": "https://archive.orkl.eu/adc80e1a9a6d5ad5479bd4f7e4f3ac500cc3fa49.jpg"
	}
}