Al Mamun's Blog

Tuesday, May 24, 2022

IOCs against Bitter APT Group

DOMAINS

olmajhnservice[.]com

levarisnetqlsvc[.]net

urocakpmpanel[.]com

tomcruefrshsvc[.]com

autodefragapp[.]com

helpdesk[.]autodefragapp[.]com

URLS

http[://]autodefragapp[.]com/

hxxp[://]olmajhnservice[.]com/updateReqServ10893x[.]php?x=035347

hxxp[://]olmajhnservice[.]com/

hxxps[://]olmajhnservice[.]com/nt[.]php/?dt=%25computername%25-BKP&ct=BKP

hxxp[://]olmajhnservice[.]com/nxl/nx

hxxp[://]olmajhnservice[.]com/nxl/nx/

hxxp[://]olmajhnservice[.]com/nt[.]php/?dt=

hxxps[://]olmajhnservice[.]com/nt[.]php/?dt=%25computername%25-EX-2&ct=2

hxxps[://]olmajhnservice[.]com/

hxxps[://]olmajhnservice[.]com/nt[.]php/?dt=%25computername%25-EX-1

hxxps[://]olmajhnservice[.]com/nt[.]php/?dt=%25computername%25-EX-1&amp

hxxp[://]olmajhnservice[.]com/nt[.]php?dt=%25computername%25-ex-1&amp

hxxp[://]olmajhnservice[.]com/nt[.]php

hxxp[://]olmajhnservice[.]com/nt[.]php/

hxxp[://]olmajhnservice[.]com/nt[.]php/?dt=%25username%25-EX-3ct=1

hxxps[://]olmajhnservice[.]com/nt[.]php/?dt=%25computername%25-EX-1&ct=1

hxxps[://]olmajhnservice[.]com/nt[.]php/

hxxps[://]olmajhnservice[.]com/nt[.]php/?dt=%25computername%25-EX-3&ct=3

hxxps[://]olmajhnservice[.]com/nt[.]php/?dt=%25username%25-EX-3&ct=1

hxxp[://]levarisnetqlsvc[.]net/drw/drw

hxxp[://]levarisnetqlsvc[.]net/lt[.]php

hxxp[://]levarisnetqlsvc[.]net/

hxxps[://]levarisnetqlsvc[.]net/lt[.]php

hxxp[://]levarisnetqlsvc[.]net/jig/gij

hxxps[://]levarisnetqlsvc[.]net/lt[.]php/?dt=%25computername%25-LT-2&ct=LT

hxxp[://]urocakpmpanel[.]com/axl/ax

hxxp[://]urocakpmpanel[.]com/nt[.]php?dt=%25computername%25-****

hxxps[://]urocakpmpanel[.]com/

hxxp[://]urocakpmpanel[.]com/nt[.]php/?dt=%25computername%25-****

hxxps[://]urocakpmpanel[.]com/nt[.]php/?dt=%25computername

hxxp[://]urocakpmpanel[.]com/

hxxp[://]urocakpmpanel[.]com:33324/

hxxps[://]urocakpmpanel[.]com/nt[.]php

DOCUMENTS

b0b687977eee41ee7c3ed0d9d179e8c00181f0c0db64eebc0005a5c6325e8a82

f7ed5eec6d1869498f2fca8f989125326b2d8cee8dcacf3bc9315ae7566963db

490e9582b00e2622e56447f76de4c038ae0b658a022e6bc44f9eb0ddf0720de6

b7765ff16309baacff3b19d1a1a5dd7850a1640392f64f19353e8a608b5a28c5

ce922a20a73182c18101dae7e5acfc240deb43c1007709c20ea74c1dd35d2b12

e4545764e0c54ed1e1321a038fa2c1921b5b70a591c95b24127f1b9de7212af8

PAYLOAD

fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92

3fdf291e39e93305ebc9df19ba480ebd60845053b0b606a620bf482d0f09f4d3

69b397400043ec7036e23c225d8d562fdcd3be887f0d076b93f6fcaae8f3dd61

90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787

https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html

https://killingthebear.jorgetesta.tech/campaigns/bitter-apt-bangladesh1

Al Mamun's Blog

Pages

Saturday, May 28, 2022

Attended #bdSIG 2022, really a great platform to learn and share ideas and knowledge...

Tuesday, May 24, 2022

IOCs against Bitter APT Group

Monday, May 23, 2022

Past, Present and Future... (part-2)

Thursday, May 19, 2022

Successfully attended and achieved the certificate on "Training on Cyber Security and Customer Fraud" conducted by Asian Bankers Association (#ABA)

Don't follow the majority, rather follow the right way...

Tuesday, May 17, 2022

Attended panel discussion session conducted by #ISMG

Sunday, May 15, 2022

Past, Present & Future