Bitter APT continues to target Bangladesh | SECUINFRA Falcon Team
Common Information
Type Value
UUID f1068cf2-cc6b-48ac-a041-de5b7439ddc0
Fingerprint a79c89620f032f11
Analysis status DONE
Considered CTI value 2
Text language
Published July 5, 2022, 3 p.m.
Added to db Sept. 11, 2022, 12:37 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Whatever floats your Boat – Bitter APT continues to target Bangladesh
Title Bitter APT continues to target Bangladesh | SECUINFRA Falcon Team
Detected Hints/Tags/Attributes 128/4/67
Attributes
Type                                #Events  Value
Autonomous System Number                  4  AS20278
CVE                                     176  cve-2012-0158
CVE                                      45  cve-2021-1732
CVE                                      14  cve-2021-28310
CVE                                      58  cve-2018-0798
CVE                                       6  cve-2017-1182
Domain                                  911  any.run
Domain                                    1  emshedulersvc.com
Domain                                    1  saebamini.com
Domain                                    1  huandocimama.com
Domain                                    2  diyefosterfeeds.com
Domain                                    1  spurshipbroker.com
Domain                                    1  spurshipbrokers.com
Domain                                   97  abuse.ch
Domain                                  208  mp.weixin.qq.com
File                                      1  bijoy.xls
File                                     18  fsutil.exe
File                                      3  gflags.exe
File                                      1  capt.msi
File                                   2126  cmd.exe
File                                     50  urlmon.dll
File                                    185  shell32.dll
File                                      1  bijoy.xlsx
File                                      1  stdrcl.exe
File                                      2  profiles.php
md5                                       1  1bf615946ad9ea7b5a282a8529641bf6
md5                                       1  a1d9e1dccfbba118d52f95ec6cc7c943
md5                                       2  6e4b4eb701f3410ebfb5925db32b25dc
md5                                       3  71e1cfb5e5a515cea2c3537b78325abf
md5                                       1  d58e6f93bd1eb81eacc965d530709246
sha1                                      1  358867f105b517624806c3315c5426803f7c42a7
sha1                                      1  8efa4d5574a0c80733e9824ec146521385a68424
sha1                                      1  c330ef43bbee001296c6c120cf68e4c90d078d9c
sha1                                      1  bcc9e35c28430264575831e851182eca7219116f
sha1                                      1  a47aec515f303ae7f427d98fc69fe828fa9c6ec6
sha256                                    1  0c7158f9fc2093caf5ea1e34d8b8fffce0780ffd25191fac9c9b52c3208bc450
sha256                                    1  bd0d25194634b2c74188cfa3be6668590e564e6fe26a6fe3335f95cbc943ce1d
sha256                                    1  3992d5a725126952f61b27d43bd4e03afa5fa4a694dca7cf8bbf555448795cd6
sha256                                    1  91ddbe011f1129c186849cd4c84cf7848f20f74bf512362b3283d1ad93be3e42
sha256                                    2  90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787
sha256                                    2  69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61
sha256                                    2  3fdf291e39e93305ebc9df19ba480ebd60845053b0b606a620bf482d0f09f4d3
sha256                                    2  fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92
sha256                                    1  55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396
sha256                                    1  bc03923e3cc2895893571068fd20dd0bc626764d06a009b91dac27982e40a085
sha256                                    1  d83cb82be250604b2089a1198cedd553aaa5e8838b82011d6999bc6431935691
IPv4                                      1  91.195.240.103
IPv4                                      3  194.36.191.196
IPv4                                      1  162.0.232.109
IPv4                                      1  64.44.131.109
MITRE ATT&CK Techniques                  49  T1608.001
MITRE ATT&CK Techniques                 310  T1566.001
MITRE ATT&CK Techniques                 245  T1203
MITRE ATT&CK Techniques                 627  T1027
MITRE ATT&CK Techniques                  16  T1592.002
MITRE ATT&CK Techniques                 492  T1105
MITRE ATT&CK Techniques                 115  T1571
MITRE ATT&CK Techniques                 422  T1041
MITRE ATT&CK Techniques                  36  T1030
MITRE ATT&CK Techniques                 585  T1083
MITRE ATT&CK Techniques                  93  T1485
Pdb                                       1  stdrcl.pdb
Pdb                                       1  stimulies.pdb
Threat Actor Identifier by Tencent       13  T-APT-17
Url                                       1  https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh
Url                                       2  https://mp.weixin.qq.com/s/8j_rha7gdmxy1_x8alj8zg
Url                                       1  http://m.huandocimama.com/jvqklstyume/xaexybbndxw/profiles.php?profiles=