Pulse Detail — Threat Intelligence

PULSE NAME

Bitter (APT-Q-37) uses diverse means to deliver new backdoor components

WHITE Bitter Tr1sa111 2025-10-24 Modified: 2025-10-24

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

winrar vulnerability apt-q-37

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1047 T1033 T1132.001 T1204.002 T1573.001 T1082 T1053 T1140 T1016 T1083 T1057 T1027 T1012 T1059.003 T1071.001 T1105 T1204.001

MALWARE FAMILIES

C# backdoor

Indicators of Compromise (31)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2025-8088	—	2025-10-24
FileHash-MD5	18164f7b3d320a79b6db634f718a1095	—	2025-10-24
FileHash-MD5	4bedd8e2b66cc7d64b293493ef5b8942	—	2025-10-24
FileHash-MD5	7452fb632fd824f882fa12f9bebd7aa7	—	2025-10-24
FileHash-MD5	b165b489c5f8c4e136364664502d68f1	—	2025-10-24
FileHash-MD5	f16f2e4317c37085cad630d41001f7c3	—	2025-10-24
FileHash-MD5	f6f2fdc38cd61d8d9e8cd35244585967	—	2025-10-24
FileHash-SHA1	1d56efe9744f72cb02cee26dad937796d53fb752	—	2025-10-24
FileHash-SHA1	59243520bdb500097aea8178b0c6cbe1c4ee5b4f	—	2025-10-24
FileHash-SHA1	d5fc860bf59dddaac2b81e73017319a6c0dc5049	—	2025-10-24
FileHash-SHA1	eb3032c062c9dc36100a4af9a501bc8fc118567d	—	2025-10-24
FileHash-SHA1	fc4e129e63736f10edf9427e7c89e8e454697871	—	2025-10-24
FileHash-SHA256	1e7ce7c530a1cf4d74a356592f99bde2ca359ed4b4144f32cc69ab705f52e4e2	—	2025-10-24
FileHash-SHA256	259d6c10c93fa4f734b6ae7cf94a478ebee61d1268bf28befc009e71d609b207	—	2025-10-24
FileHash-SHA256	a39a26838e6bc26502ff0b562a3a098d55c5ad5b6daf4405469ce5e11f2192a4	—	2025-10-24
FileHash-SHA256	bb67a4de756336d45ebaa7657a7586b4ebff26c74aba458d62de85c2070f3d90	—	2025-10-24
FileHash-SHA256	f7e25e5601fdf038aa0840be508cf1d5915cd5317a5513cd7e7c3ae76055839f	—	2025-10-24
URL	https://msoffice.365cloudz.esanojinjasvc.com/cloudzx/msweb/	—	2025-10-24
URL	https://msoffice.365cloudz.esanojinjasvc.com/cloudzx/msweb/drdxcsv34.php	—	2025-10-24
URL	https://msoffice.365cloudz.esanojinjasvc.com/cloudzx/msweb/drxbds23.php	—	2025-10-24
URL	https://msoffice.365cloudz.esanojinjasvc.com/cloudzx/msweb/drxcvg45.php	—	2025-10-24
URL	https://teamlogin.esanojinjasvc.com/teamesano/drivers/teamidcrz/	—	2025-10-24
URL	https://teamlogin.esanojinjasvc.com/teamesano/drivers/teamsid.php	—	2025-10-24
URL	https://teamlogin.esanojinjasvc.com/teamesano/drivers/teamzid.php	—	2025-10-24
domain	ents.com	—	2025-10-24
domain	esanojinjasvc.com	—	2025-10-24
domain	keeferbeautytrends.com	—	2025-10-24
domain	koliwooclients.com	—	2025-10-24
hostname	msoffice.365cloudz.esanojinjasvc.com	—	2025-10-24
hostname	teamlogin.esanojinjasvc.com	—	2025-10-24
hostname	www.keeferbeautytrends.com	—	2025-10-24

References (1)

↗ https://ti.qianxin.com/blog/articles/bitter-uses-diverse-means-to-deliver-new-backdoor-components-en