PULSE NAME
Bitter (APT-Q-37) uses diverse means to deliver new backdoor components
WHITE Bitter PetrP.73 2025-10-24 Modified: 2025-10-24
35 IOCs
MEDIUM VOLUME
Bitter, also known as APT-Q-37, is a threat actor group believed to have South Asian origins, primarily targeting government, military, and electric power sectors in China, Pakistan, and other nations. Its objective is the acquisition of sensitive data. Recently, the Qi'anxin Threat Intelligence Center uncovered attack samples linked to Bitter that use varied methods to deploy a C# backdoor capable of receiving arbitrary executable files from a remote server.
Indicators of Compromise (6 / 35 total)