
HAZY TIGER

Also known as: Bitter · T-APT-17 · APT-C-08 · Orange Yali · TA397 · HAZY TIGER

Origin: IN
Known aliases: 6

Profile

The Bitter threat group initially used RAT tools in its campaigns: the first Bitter versions for Android, released in 2014, were based on the AndroRAT framework. Over time, the group switched to a custom version that has been known as BitterRAT ever since.

Aliases· 6

Bitter · T-APT-17 · APT-C-08 · Orange Yali · TA397 · HAZY TIGER

Known victims· 1

  • Germany

MITRE ATT&CK Group crosswalk

G1002

References

  1. https://www.bitdefender.com/files/News/CaseStudies/study/352/Bitdefender-PR-Whitepaper-BitterAPT-creat4571-en-EN-GenericUse.pdf
  2. https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg
  3. https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
  4. https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html
  5. https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • Actor: RAZOR TIGER
  • Actor: APT-C-27
  • Actor: VICEROY TIGER
  • Actor: APT21
  • Actor: TEMPER PANDA
  • Actor: APT24

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.