← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Bitter (APT-Q-37) uses diverse means to deliver new backdoor components
WHITE Bitter PetrP.73 2025-10-24 Modified: 2025-10-24
35
IOCs
MEDIUM VOLUME
Bitter, also known as APT-Q-37, is a threat actor group believed to have South Asian origins, primarily targeting government, military, and electric power sectors in China, Pakistan, and other nations. Their objective revolves around the acquisition of sensitive data. Recently, the Qi'anxin Threat Intelligence Center uncovered attack samples linked to Bitter that utilize varied methods to deploy a C# backdoor capable of receiving arbitrary executable files from a remote server.
qianxin threatbitter groupbitterattack chainxlam fileaugustwinrar versionuserwordexe filewinrardesktopaprilandroid
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (5 / 35 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 1d56efe9744f72cb02cee26dad937796d53fb752 SHA1 of f16f2e4317c37085cad630d41001f7c3 2025-10-24
FileHash-SHA1 59243520bdb500097aea8178b0c6cbe1c4ee5b4f SHA1 of 7452fb632fd824f882fa12f9bebd7aa7 2025-10-24
FileHash-SHA1 d5fc860bf59dddaac2b81e73017319a6c0dc5049 SHA1 of 4bedd8e2b66cc7d64b293493ef5b8942 2025-10-24
FileHash-SHA1 eb3032c062c9dc36100a4af9a501bc8fc118567d SHA1 of b165b489c5f8c4e136364664502d68f1 2025-10-24
FileHash-SHA1 fc4e129e63736f10edf9427e7c89e8e454697871 SHA1 of 18164f7b3d320a79b6db634f718a1095 2025-10-24
References (1)
↗ https://ti.qianxin.com/blog/articles/bitter-uses-diverse-means-to-deliver-new-backdoor-components-en/