Pulse Detail — Threat Intelligence

PULSE NAME

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Bitter APT adds Bangladesh to their targets

WHITE Bitter caralin0702 2022-05-12 Modified: 2022-05-12

IOCs

HIGH VOLUME

Security researcher Cisco Talos has identified the Bitter APT group, a South Asian state-sponsored cyber-espionage group that appears to be targeting high-ranking police officers in Bangladesh, from August 2021.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1566 T1102 T1053 T1033 T1057 T1140 T1059 T1559 T1071

MALWARE FAMILIES

RdxFactory.exe Artra

Indicators of Compromise (78)

All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 CVE URL email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	levarisnetqlsvc.net	—	2022-05-12
FileHash-MD5	b9025eca96614a473e204e9e8a873e1d	MD5 of fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92	2022-05-12
FileHash-MD5	bdbbd70229591fb1102365f4bb22196b	MD5 of b0b687977eee41ee7c3ed0d9d179e8c00181f0c0db64eebc0005a5c6325e8a82	2022-05-12
FileHash-SHA1	2360e4cff14fbfb2af6c80dbd7028d682fe2634e	SHA1 of fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92	2022-05-12
FileHash-SHA1	b12e459dd3857f5379ac99e48def4ad2b8a3aa16	SHA1 of b0b687977eee41ee7c3ed0d9d179e8c00181f0c0db64eebc0005a5c6325e8a82	2022-05-12
FileHash-SHA256	b0b687977eee41ee7c3ed0d9d179e8c00181f0c0db64eebc0005a5c6325e8a82	—	2022-05-12
FileHash-SHA256	fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92	—	2022-05-12
CVE	CVE-2017-11882	—	2022-05-12
CVE	CVE-2018-0798	—	2022-05-12
CVE	CVE-2018-0802	—	2022-05-12
CVE	CVE-2021-28310	—	2022-05-12
FileHash-MD5	2454a5b5f7793d372c96fd572c1de2cc	MD5 of 90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787	2022-05-12
FileHash-MD5	2a340b72e16fb1ece13d7f553ec3c266	MD5 of e4545764e0c54ed1e1321a038fa2c1921b5b70a591c95b24127f1b9de7212af8	2022-05-12
FileHash-MD5	2c8ed4045b76a1eca8c8d0161a4b65ec	MD5 of 69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61	2022-05-12
FileHash-MD5	527dc131149644af439e0e8f96a2c4eb	MD5 of b7765ff16309baacff3b19d1a1a5dd7850a1640392f64f19353e8a608b5a28c5	2022-05-12
FileHash-MD5	5e5201514800509b2e75a3fcffad7405	MD5 of f7ed5eec6d1869498f2fca8f989125326b2d8cee8dcacf3bc9315ae7566963db	2022-05-12
FileHash-SHA1	04a75df9b60290efb1a2d934570ad203a23f4e9c	—	2022-05-12
FileHash-SHA1	0cbf8c7ff9faf01a9b5c3874e9a9d49cbbf5037b	—	2022-05-12
FileHash-SHA1	25092b60d972e574ed593a468564de2394fa008b	—	2022-05-12
FileHash-SHA1	33f7efb563052da4d25405dd7f0366bb3bff5b26	SHA1 of f7ed5eec6d1869498f2fca8f989125326b2d8cee8dcacf3bc9315ae7566963db	2022-05-12
FileHash-SHA1	3ba50221785aa8d1f2dea2894fc9a9449e826724	SHA1 of b7765ff16309baacff3b19d1a1a5dd7850a1640392f64f19353e8a608b5a28c5	2022-05-12
FileHash-SHA1	4fbde39a0735d1ad757038072cf541dfdc65faa3	—	2022-05-12
FileHash-SHA1	530f597666afc147886f5ad651b5071d0cc894ba	—	2022-05-12
FileHash-SHA1	5a972665b590cc77dcdfb4500c04acda5dc1cc4e	—	2022-05-12
FileHash-SHA1	7a94a3dcd68792877a4ca8747e23ec084b12da16	SHA1 of e4545764e0c54ed1e1321a038fa2c1921b5b70a591c95b24127f1b9de7212af8	2022-05-12
FileHash-SHA1	aeb02ac0c0f0793651f32a3c0f594ce79ba99e82	—	2022-05-12
FileHash-SHA1	b17f0381fc7e4c4c6bb15dfcc0c37d2945266c6e	SHA1 of 69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61	2022-05-12
FileHash-SHA1	bcd7a2191af9ddb1bd627e36a55fc55680e36f51	SHA1 of 90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787	2022-05-12
FileHash-SHA256	3fdf291e39e93305ebc9df19ba480ebd60845053b0b606a620bf482d0f09f4d3	—	2022-05-12
FileHash-SHA256	490e9582b00e2622e56447f76de4c038ae0b658a022e6bc44f9eb0ddf0720de6	—	2022-05-12
FileHash-SHA256	69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61	—	2022-05-12
FileHash-SHA256	90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787	—	2022-05-12
FileHash-SHA256	b7765ff16309baacff3b19d1a1a5dd7850a1640392f64f19353e8a608b5a28c5	—	2022-05-12
FileHash-SHA256	ce922a20a73182c18101dae7e5acfc240deb43c1007709c20ea74c1dd35d2b12	—	2022-05-12
FileHash-SHA256	e4545764e0c54ed1e1321a038fa2c1921b5b70a591c95b24127f1b9de7212af8	—	2022-05-12
FileHash-SHA256	f7ed5eec6d1869498f2fca8f989125326b2d8cee8dcacf3bc9315ae7566963db	—	2022-05-12
URL	http://autodefragapp.com/	—	2022-05-12
URL	http://levarisnetqlsvc.net/	—	2022-05-12
URL	http://levarisnetqlsvc.net/drw/drw	—	2022-05-12
URL	http://levarisnetqlsvc.net/jig/gij	—	2022-05-12
URL	http://levarisnetqlsvc.net/lt.php	—	2022-05-12
URL	http://levarisnetqlsvc.net/lt.php/?dt=%25computername%25-LT-2&ct=LT	—	2022-05-12
URL	http://olmajhnservice.com/	—	2022-05-12
URL	http://olmajhnservice.com/nt.php	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25computername%25-BKP&ct=BKP	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25computername%25-EX-1	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25computername%25-EX-1&amp	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25computername%25-EX-1&ct=1	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25computername%25-EX-1&ct=1	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25computername%25-EX-2&ct=2	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25computername%25-EX-3&ct=3	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25username%25-EX-3&ct=1	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25username%25-EX-3&ct=1	—	2022-05-12
URL	http://olmajhnservice.com/nt.php/?dt=%25username%25-EX-3ct=1	—	2022-05-12
URL	http://olmajhnservice.com/nt.php?dt=%25computername%25-ex-1&amp	—	2022-05-12
URL	http://olmajhnservice.com/nxl/nx	—	2022-05-12
URL	http://olmajhnservice.com/nxl/nx/	—	2022-05-12
URL	http://olmajhnservice.com/updateReqServ10893x.php?x=035347	—	2022-05-12
URL	http://urocakpmpanel.com/	—	2022-05-12
URL	http://urocakpmpanel.com/axl/ax	—	2022-05-12
URL	http://urocakpmpanel.com/nt.php	—	2022-05-12
URL	http://urocakpmpanel.com/nt.php/?dt=%25computername	—	2022-05-12
URL	http://urocakpmpanel.com/nt.php/?dt=%25computername%25-****	—	2022-05-12
URL	http://urocakpmpanel.com/nt.php?dt=%25computername%25-****	—	2022-05-12
URL	http://urocakpmpanel.com:33324/	—	2022-05-12
domain	autodefragapp.com	—	2022-05-12
domain	mswsceventlog.net	—	2022-05-12
domain	olmajhnservice.com	—	2022-05-12
domain	tomcruefrshsvc.com	—	2022-05-12
domain	urocakpmpanel.com	—	2022-05-12
email	arc@desto.gov.pk	—	2022-05-12
email	chief_pia@pc.gov.pk	—	2022-05-12
email	ddscm2@pof.gov.pk	—	2022-05-12
email	mem_psd@pc.gov.pk	—	2022-05-12
email	so.dc@pc.gov.pk	—	2022-05-12
hostname	helpdesk.autodefragapp.com	—	2022-05-12

References (1)

↗ https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html