The SECUINFRA Falcon Team analysed a recent attack conducted by an advanced persistent threat group known as Bitter, which targets military organisations in Bangladesh as well as Chinese and Saudi Arabian organisations.
Indicators of Compromise (40)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| FileHash-MD5 | 59b043a913014a1f03258c695b9333af | MD5 of 3fdf291e39e93305ebc9df19ba480ebd60845053b0b606a620bf482d0f09f4d3 | 2022-07-06 |
| FileHash-MD5 | b9025eca96614a473e204e9e8a873e1d | MD5 of fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92 | 2022-07-06 |
| FileHash-SHA1 | 2360e4cff14fbfb2af6c80dbd7028d682fe2634e | SHA1 of fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92 | 2022-07-06 |
| FileHash-SHA1 | 2af2dcd9482a281228d987723640203e08ff93c9 | SHA1 of 3fdf291e39e93305ebc9df19ba480ebd60845053b0b606a620bf482d0f09f4d3 | 2022-07-06 |
| FileHash-SHA256 | 3fdf291e39e93305ebc9df19ba480ebd60845053b0b606a620bf482d0f09f4d3 | — | 2022-07-06 |
| FileHash-SHA256 | fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92 | — | 2022-07-06 |
| CVE | CVE-2018-0798 | — | 2022-07-06 |
| FileHash-MD5 | 1bf615946ad9ea7b5a282a8529641bf6 | MD5 of 358867f105b517624806c3315c5426803f7c42a7 | 2022-07-06 |
| FileHash-MD5 | 2454a5b5f7793d372c96fd572c1de2cc | MD5 of 90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787 | 2022-07-06 |
| FileHash-MD5 | 2c8ed4045b76a1eca8c8d0161a4b65ec | MD5 of 69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61 | 2022-07-06 |
| FileHash-MD5 | 6e4b4eb701f3410ebfb5925db32b25dc | MD5 of c330ef43bbee001296c6c120cf68e4c90d078d9c | 2022-07-06 |
| FileHash-MD5 | 71e1cfb5e5a515cea2c3537b78325abf | MD5 of bcc9e35c28430264575831e851182eca7219116f | 2022-07-06 |
| FileHash-MD5 | a1d9e1dccfbba118d52f95ec6cc7c943 | — | 2022-07-06 |
| FileHash-MD5 | d58e6f93bd1eb81eacc965d530709246 | — | 2022-07-06 |
| FileHash-SHA1 | 358867f105b517624806c3315c5426803f7c42a7 | — | 2022-07-06 |
| FileHash-SHA1 | 8efa4d5574a0c80733e9824ec146521385a68424 | — | 2022-07-06 |
| FileHash-SHA1 | a47aec515f303ae7f427d98fc69fe828fa9c6ec6 | — | 2022-07-06 |
| FileHash-SHA1 | b17f0381fc7e4c4c6bb15dfcc0c37d2945266c6e | SHA1 of 69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61 | 2022-07-06 |
| FileHash-SHA1 | bcc9e35c28430264575831e851182eca7219116f | — | 2022-07-06 |
| FileHash-SHA1 | bcd7a2191af9ddb1bd627e36a55fc55680e36f51 | SHA1 of 90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787 | 2022-07-06 |
| FileHash-SHA1 | c330ef43bbee001296c6c120cf68e4c90d078d9c | — | 2022-07-06 |
| FileHash-SHA256 | 0c7158f9fc2093caf5ea1e34d8b8fffce0780ffd25191fac9c9b52c3208bc450 | — | 2022-07-06 |
| FileHash-SHA256 | 3992d5a725126952f61b27d43bd4e03afa5fa4a694dca7cf8bbf555448795cd6 | — | 2022-07-06 |
| FileHash-SHA256 | 55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396 | SHA256 of bcc9e35c28430264575831e851182eca7219116f | 2022-07-06 |
| FileHash-SHA256 | 69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61 | — | 2022-07-06 |
| FileHash-SHA256 | 90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787 | — | 2022-07-06 |
| FileHash-SHA256 | 91ddbe011f1129c186849cd4c84cf7848f20f74bf512362b3283d1ad93be3e42 | SHA256 of c330ef43bbee001296c6c120cf68e4c90d078d9c | 2022-07-06 |
| FileHash-SHA256 | bc03923e3cc2895893571068fd20dd0bc626764d06a009b91dac27982e40a085 | SHA256 of 358867f105b517624806c3315c5426803f7c42a7 | 2022-07-06 |
| FileHash-SHA256 | bd0d25194634b2c74188cfa3be6668590e564e6fe26a6fe3335f95cbc943ce1d | — | 2022-07-06 |
| FileHash-SHA256 | d83cb82be250604b2089a1198cedd553aaa5e8838b82011d6999bc6431935691 | — | 2022-07-06 |
| URL | http://emshedulersvc.com/vc/vc | — | 2022-07-06 |
| URL | http://m.huandocimama.com/JvQKLsTYuMe/xAexyBbnDxW/profiles.php?profiles= | — | 2022-07-06 |
| YARA | 051e0f8d4471172309e6dd11ff6642bd6f903e51 | Detects Bitter (T-APT-17) PDB Paths | 2022-07-06 |
| YARA | 3b404215bfcdecab3497feddcb820b7aabf587c5 | Detects Bitter (T-APT-17) Almond RAT (.NET) | 2022-07-06 |
| YARA | dd1c6d6276efba12eff01052033aa3a3717f3af9 | Detects Bitter (T-APT-17) shellcode in oleObject (CVE-2018-0798) | 2022-07-06 |
| domain | diyefosterfeeds.com | — | 2022-07-06 |
| domain | emshedulersvc.com | — | 2022-07-06 |
| domain | huandocimama.com | — | 2022-07-06 |
| domain | spurshipbroker.com | — | 2022-07-06 |
| hostname | m.huandocimama.com | — | 2022-07-06 |