SYMBOLCOMMON_NAMEaka. SYNONYMS

HAZY TIGER  (Back to overview)

aka: Bitter, T-APT-17, APT-C-08, Orange Yali

The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions, for Android released in 2014 were based on the AndroRAT framework. Over time, they switched to a custom version that has been known as BitterRAT ever since.


Associated Families
win.almondrat apk.dracarys win.zxxz

References
2022-08-09cybleCyble Research Labs
@online{labs:20220809:bitter:022e356, author = {Cyble Research Labs}, title = {{Bitter APT Group Using “Dracarys” Android Spyware}}, date = {2022-08-09}, organization = {cyble}, url = {https://blog.cyble.com/2022/08/09/bitter-apt-group-using-dracarys-android-spyware/}, language = {English}, urldate = {2022-08-15} } Bitter APT Group Using “Dracarys” Android Spyware
Dracarys
2022-07-05SECUINFRASECUINFRA Falcon Team
@online{team:20220705:whatever:caa840b, author = {SECUINFRA Falcon Team}, title = {{Whatever floats your Boat – Bitter APT continues to target Bangladesh}}, date = {2022-07-05}, organization = {SECUINFRA}, url = {https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh/}, language = {English}, urldate = {2022-07-13} } Whatever floats your Boat – Bitter APT continues to target Bangladesh
AlmondRAT Artra Downloader Bitter RAT ZxxZ
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220608:operation:3fe580d, author = {Red Raindrop Team}, title = {{Operation Tejas: A dying elephant curled up in the Kunlun Mountains}}, date = {2022-06-08}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg}, language = {English}, urldate = {2022-06-09} } Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-05-11Cisco TalosCisco Talos
@online{talos:20220511:bitter:c463e99, author = {Cisco Talos}, title = {{Bitter APT adds Bangladesh to their targets}}, date = {2022-05-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html}, language = {English}, urldate = {2022-05-13} } Bitter APT adds Bangladesh to their targets
AndroRAT Artra Downloader Bitter RAT ZxxZ
2022-04-28PWCPWC UK
@techreport{uk:20220428:cyber:46707aa, author = {PWC UK}, title = {{Cyber Threats 2021: A Year in Retrospect}}, date = {2022-04-28}, institution = {PWC}, url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf}, language = {English}, urldate = {2022-04-29} } Cyber Threats 2021: A Year in Retrospect
APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER
2020-06-19BitdefenderOana Asoltanei, Denis Cosmin Nutiu, Alin Mihai Barbatei
@techreport{asoltanei:20200619:bitterapt:2e8e1d2, author = {Oana Asoltanei and Denis Cosmin Nutiu and Alin Mihai Barbatei}, title = {{BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool}}, date = {2020-06-19}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/352/Bitdefender-PR-Whitepaper-BitterAPT-creat4571-en-EN-GenericUse.pdf}, language = {English}, urldate = {2020-06-21} } BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool
AndroRAT Artra Downloader Bitter RAT HAZY TIGER

Credits: MISP Project