← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Bitter (APT-Q-37) uses diverse means to deliver new backdoor components
WHITE Bitter PetrP.73 2025-10-24 Modified: 2025-10-24
35
IOCs
MEDIUM VOLUME
Bitter, also known as APT-Q-37, is a threat actor group believed to have South Asian origins, primarily targeting government, military, and electric power sectors in China, Pakistan, and other nations. Their objective revolves around the acquisition of sensitive data. Recently, the Qi'anxin Threat Intelligence Center uncovered attack samples linked to Bitter that utilize varied methods to deploy a C# backdoor capable of receiving arbitrary executable files from a remote server.
qianxin threatbitter groupbitterattack chainxlam fileaugustwinrar versionuserwordexe filewinrardesktopaprilandroid
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (5 / 35 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 1e7ce7c530a1cf4d74a356592f99bde2ca359ed4b4144f32cc69ab705f52e4e2 SHA256 of 7452fb632fd824f882fa12f9bebd7aa7 2025-10-24
FileHash-SHA256 259d6c10c93fa4f734b6ae7cf94a478ebee61d1268bf28befc009e71d609b207 SHA256 of b165b489c5f8c4e136364664502d68f1 2025-10-24
FileHash-SHA256 a39a26838e6bc26502ff0b562a3a098d55c5ad5b6daf4405469ce5e11f2192a4 SHA256 of 4bedd8e2b66cc7d64b293493ef5b8942 2025-10-24
FileHash-SHA256 bb67a4de756336d45ebaa7657a7586b4ebff26c74aba458d62de85c2070f3d90 SHA256 of f16f2e4317c37085cad630d41001f7c3 2025-10-24
FileHash-SHA256 f7e25e5601fdf038aa0840be508cf1d5915cd5317a5513cd7e7c3ae76055839f SHA256 of 18164f7b3d320a79b6db634f718a1095 2025-10-24
References (1)
↗ https://ti.qianxin.com/blog/articles/bitter-uses-diverse-means-to-deliver-new-backdoor-components-en/