Don't get BITTER about being targeted -- fight back with the help of the community.
WHITE BITTER AlienVault 2024-03-01 Modified: 2024-03-01
When enterprise security operations centers receive alerts about obvious true positive detections, they want to quickly understand the severity to determine if it is a critical threat that needs immediate containment. Threat intelligence analysts can provide context about whether the attack is part of a bigger campaign. Although some victim and vendor analysis is still closely held, there has been a clear increase in sharing of threat intelligence within the TLP-white community. Analysts often cannot submit samples to services like VirusTotal due to privacy restrictions, so they cannot take advantage of crowdsourced threat intel. The CARA platform guides analysts through investigative steps without compromising controls. By pivoting on domains, behaviors and code similarities, analysts can connect alerts to related attacks, like BITTER campaigns, to inform response priorities.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
DarkWatchman - S0673
Backdoor.Oldrea - S0093
Havex
Indicators of Compromise (173)