Threat Actor Profile
High APT
Description

APT-C-36 is a suspected South American threat group that has engaged in espionage and financially motivated operations since at least 2018. APT-C-36 has targeted government institutions and entities in the financial, energy, and professional manufacturing sectors across Colombia and other Latin American countries.[1][2][3][4]

Confidence Score
100%
Tags
mitre-attack crawled web-source mitre-group
First Seen

Unknown

Last Updated

April 29, 2026

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (23)
T1105 - Ingress Tool Transfer
Command and Control
T1568 - Dynamic Resolution
Command and Control
T1571 - Non-Standard Port
Command and Control
T1027 - Obfuscated Files or Information
Defense Evasion
T1036 - Masquerading
Defense Evasion
T1055 - Process Injection
Defense Evasion
T1480 - Execution Guardrails
Defense Evasion
T1564 - Hide Artifacts
Defense Evasion
T1047 - Windows Management Instrumentation
Execution
T1053 - Scheduled Task/Job
Execution
T1059 - Command and Scripting Interpreter
Execution
T1204 - User Execution
Execution
T1566 - Phishing
Initial Access
T1534 - Internal Spearphishing
Lateral Movement
T1133 - External Remote Services
Persistence
T1574 - Hijack Execution Flow
Persistence
T1593 - Search Open Websites/Domains
Reconnaissance
T1583 - Acquire Infrastructure
Resource Development
T1584 - Compromise Infrastructure
Resource Development
T1586 - Compromise Accounts
Resource Development
T1587 - Develop Capabilities
Resource Development
T1588 - Obtain Capabilities
Resource Development
T1608 - Stage Capabilities
Resource Development
STIX Data
{'aliases': [],
 'description': 'APT-C-36is a suspected South American threat group that has '
                'engaged in espionage and financially motivated operations '
                'since at least 2018.APT-C-36has targeted government '
                'institutions and entities in the financial, energy, and '
                'professional manufacturing sectors across Colombia and other '
                'Latin American countries.[1][2][3][4]',
 'external_references': [{'external_id': 'G0099',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0099/'}],
 'id': 'threat-actor--G0099',
 'metadata': {'crawled_at': '2026-04-29T14:32:30.089722+00:00',
              'mitre_group_id': 'G0099',
              'page_title': 'APT-C-36, Blind Eagle, TAG-144, AguilaCiega, '
                            'APT-Q-98, Group G0099 | MITRE ATT&CK®'},
 'name': 'APT-C-36',
 'type': 'threat-actor'}