
Threat Actor Characterization

Machete


ID: 883e080d18d9f405b9bd7c70d5f5fa2368920
Cybercrime State-Sponsored
Threat types: Intrusion, Espionage, Data Theft
Unknown UNKNOWN
Updated: 2026-01-13
Created: 2025-10-21
Progress: 38% Completeness: 33% Freshness: 50%
Operation zone: UNKNOWN
Aliases: APT-C-43, El Machete
MITRE ATT&CK®

Machete is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010. It has primarily focused its operations within Latin America, with a particular emphasis on Venezuela, but also in the US, Europe, Russia, and parts of Asia. Machete generally targets high-profile organizations such as government institutions, intelligence services, and military units, as well as telecommunications and power companies. Ref: https://attack.mitre.org/groups/G0095/


| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1036.005 | Match Legitimate Resource Name or Location | TA0005 | Masquerading: Match Legitimate Resource Name or Location - Machete's Machete MSI installer has masqueraded as a legitimate Adobe Acrobat Reader installer. |
| T1053.005 | Scheduled Task | TA0002, TA0003, TA0004 | Scheduled Task/Job: Scheduled Task - Machete has created scheduled tasks to maintain Machete's persistence. |
| T1059.003 | Windows Command Shell | TA0002 | Command and Scripting Interpreter: Windows Command Shell - Machete has used batch files to initiate additional downloads of malicious files. |
| T1059.005 | Visual Basic | TA0002 | Command and Scripting Interpreter: Visual Basic - Machete has embedded malicious macros within spearphishing attachments to download additional files. |
| T1059.006 | Python | TA0002 | Command and Scripting Interpreter: Python - Machete used multiple compiled Python scripts on the victim’s system. Machete's main backdoor Machete is also written in Python. |
| T1204.001 | Malicious Link | TA0002 | User Execution: Malicious Link - Machete has relied on users opening malicious links delivered through spearphishing to execute malware. |
| T1204.002 | Malicious File | TA0002 | User Execution: Malicious File - Machete has relied on users opening malicious attachments delivered through spearphishing to execute malware. |
| T1218.007 | Msiexec | TA0005 | System Binary Proxy Execution: Msiexec - Machete has used msiexec to install the Machete malware. |
| T1566.001 | Spearphishing Attachment | TA0001 | Phishing: Spearphishing Attachment - Machete has delivered spearphishing emails that contain a zipped file with malicious contents. |
| T1566.002 | Spearphishing Link | TA0001 | Phishing: Spearphishing Link - Machete has sent phishing emails that contain a link to an external server with ZIP and RAR archives. |