SYMBOLCOMMON_NAMEaka. SYNONYMS

HAZY TIGER  (Back to overview)

aka: APT-C-08, Bitter, Orange Yali, T-APT-17

The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions, for Android released in 2014 were based on the AndroRAT framework. Over time, they switched to a custom version that has been known as BitterRAT ever since.


Associated Families
apk.dracarys win.almondrat win.zxxz win.miya_rat win.wm_rat

References
2024-12-17ProofpointDavid Galazin, Konstantin Klinger, Nick Attfield, Pim Trouerbach
Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs
MiyaRAT WmRAT
2022-08-09cybleCyble Research Labs
Bitter APT Group Using “Dracarys” Android Spyware
Dracarys
2022-07-05SECUINFRASECUINFRA Falcon Team
Whatever floats your Boat – Bitter APT continues to target Bangladesh
AlmondRAT Artra Downloader Bitter RAT ZxxZ
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-05-11Cisco TalosCisco Talos
Bitter APT adds Bangladesh to their targets
AndroRAT Artra Downloader Bitter RAT ZxxZ
2022-04-28PWCPWC UK
Cyber Threats 2021: A Year in Retrospect
BPFDoor APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER
2020-06-19BitdefenderAlin Mihai Barbatei, Denis Cosmin Nutiu, Oana Asoltanei
BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool
AndroRAT Artra Downloader Bitter RAT HAZY TIGER

Credits: MISP Project