PULSE NAME
Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict
WHITE Bitter PetrP.73 2025-05-29 Modified: 2025-06-28
97 IOCs (HIGH VOLUME)
A report from EclecticIQ and Hudson Rock on a spear phishing attack targeting Pakistan's telecommunications sector in May 2025 shows that Bitter APT, a South Asian state-sponsored actor, very likely used stolen email credentials to carry out cyber-enabled espionage.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Bitter WmRAT
Indicators of Compromise (97)