Rewterz Threat Alert – Bitter APT Group – Active IOCs - Rewterz
Tags
| country: | Bangladesh China Pakistan Saudi Arabia |
| attack-pattern: | Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 6711cbd9-f221-45e1-a18c-055f252c0e00 |
| Fingerprint | 87fb8dd1eec4c74f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 17, 2022, 9:01 a.m. |
| Added to db | Dec. 19, 2024, 7:42 a.m. |
| Last updated | Dec. 23, 2024, 11:18 a.m. |
| Headline | Rewterz Threat Alert – Bitter APT Group – Active IOCs |
| Title | Rewterz Threat Alert – Bitter APT Group – Active IOCs - Rewterz |
| Detected Hints/Tags/Attributes | 32/2/59 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 3 | cve-2022-30138 |
|
| Details | CVE | 437 | cve-2017-11882 |
|
| Details | CVE | 75 | cve-2018-0798 |
|
| Details | CVE | 144 | cve-2018-0802 |
|
| Details | Domain | 3 | olmajhnservice.com |
|
| Details | Domain | 3 | levarisnetqlsvc.net |
|
| Details | Domain | 3 | urocakpmpanel.com |
|
| Details | Domain | 3 | tomcruefrshsvc.com |
|
| Details | Domain | 3 | autodefragapp.com |
|
| Details | Domain | 3 | helpdesk.autodefragapp.com |
|
| Details | md5 | 2 | bdbbd70229591fb1102365f4bb22196b |
|
| Details | md5 | 2 | 5e5201514800509b2e75a3fcffad7405 |
|
| Details | md5 | 2 | 72a7130e98119ecd70c4e0f6ce9c0030 |
|
| Details | md5 | 2 | 527dc131149644af439e0e8f96a2c4eb |
|
| Details | md5 | 3 | bf51119c8b0673a9cfee1c384d1e236a |
|
| Details | md5 | 4 | 2a340b72e16fb1ece13d7f553ec3c266 |
|
| Details | md5 | 2 | b9025eca96614a473e204e9e8a873e1d |
|
| Details | md5 | 2 | 59b043a913014a1f03258c695b9333af |
|
| Details | md5 | 2 | 2c8ed4045b76a1eca8c8d0161a4b65ec |
|
| Details | md5 | 4 | 2454a5b5f7793d372c96fd572c1de2cc |
|
| Details | sha1 | 2 | b12e459dd3857f5379ac99e48def4ad2b8a3aa16 |
|
| Details | sha1 | 2 | 33f7efb563052da4d25405dd7f0366bb3bff5b26 |
|
| Details | sha1 | 2 | d297031f13599df567b3b8c1ed1cb7cd32bf758d |
|
| Details | sha1 | 2 | 3ba50221785aa8d1f2dea2894fc9a9449e826724 |
|
| Details | sha1 | 3 | 3d540373b74ed12df6b21e1ea21566907fba04a1 |
|
| Details | sha1 | 4 | 7a94a3dcd68792877a4ca8747e23ec084b12da16 |
|
| Details | sha1 | 1 | 2360e4cff14fbfb2af6c80dbd7028d682fe2634e |
|
| Details | sha1 | 2 | 2af2dcd9482a281228d987723640203e08ff93c9 |
|
| Details | sha1 | 2 | b17f0381fc7e4c4c6bb15dfcc0c37d2945266c6e |
|
| Details | sha1 | 4 | bcd7a2191af9ddb1bd627e36a55fc55680e36f51 |
|
| Details | sha256 | 3 | b0b687977eee41ee7c3ed0d9d179e8c00181f0c0db64eebc0005a5c6325e8a82 |
|
| Details | sha256 | 3 | f7ed5eec6d1869498f2fca8f989125326b2d8cee8dcacf3bc9315ae7566963db |
|
| Details | sha256 | 3 | 490e9582b00e2622e56447f76de4c038ae0b658a022e6bc44f9eb0ddf0720de6 |
|
| Details | sha256 | 3 | b7765ff16309baacff3b19d1a1a5dd7850a1640392f64f19353e8a608b5a28c5 |
|
| Details | sha256 | 4 | ce922a20a73182c18101dae7e5acfc240deb43c1007709c20ea74c1dd35d2b12 |
|
| Details | sha256 | 5 | e4545764e0c54ed1e1321a038fa2c1921b5b70a591c95b24127f1b9de7212af8 |
|
| Details | sha256 | 4 | fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92 |
|
| Details | sha256 | 4 | 3fdf291e39e93305ebc9df19ba480ebd60845053b0b606a620bf482d0f09f4d3 |
|
| Details | sha256 | 4 | 69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61 |
|
| Details | sha256 | 6 | 90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787 |
|
| Details | Url | 2 | http://autodefragapp.com |
|
| Details | Url | 2 | http://olmajhnservice.com/updatereqserv10893x.php?x=035347 |
|
| Details | Url | 2 | http://olmajhnservice.com |
|
| Details | Url | 2 | https://olmajhnservice.com/nt.php/?dt=%computername% |
|
| Details | Url | 2 | http://olmajhnservice.com/nxl/nx |
|
| Details | Url | 2 | http://olmajhnservice.com/nt.php/?dt= |
|
| Details | Url | 2 | http://olmajhnservice.com/nt.php?dt=%computername% |
|
| Details | Url | 2 | http://olmajhnservice.com/nt.php |
|
| Details | Url | 2 | http://olmajhnservice.com/nt.php/?dt=%username% |
|
| Details | Url | 2 | http://levarisnetqlsvc.net/drw/drw |
|
| Details | Url | 2 | http://levarisnetqlsvc.net/lt.php |
|
| Details | Url | 2 | http://levarisnetqlsvc.net |
|
| Details | Url | 2 | http://levarisnetqlsvc.net/jig/gij |
|
| Details | Url | 2 | https://levarisnetqlsvc.net/lt.php/?dt=%computername% |
|
| Details | Url | 2 | http://urocakpmpanel.com/axl/ax |
|
| Details | Url | 2 | http://urocakpmpanel.com/nt.php?dt=%computername% |
|
| Details | Url | 2 | https://urocakpmpanel.com |
|
| Details | Url | 2 | http://urocakpmpanel.com |
|
| Details | Url | 2 | https://urocakpmpanel.com/nt.php |