HAZY TIGER

Also known as: Bitter, T-APT-17, APT-C-08, Orange Yali, TA397, HAZY TIGER, 蔓灵花 - APT-C-08

🌍 Country: India

Introduction

The Bitter threat group initially started out using RAT tools in its campaigns: the first Bitter versions for Android, released in 2014, were based on the AndroRAT framework. Over time, the group switched to a custom version that has been known as BitterRAT ever since.

Activities and Tactics

Country of Origin: 🇮🇳 India

Suspected Victims: Germany

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • DroidJack
  • AndroRAT

Attribution and Evidence

Country of Origin: India

Additional attribution information pending cataloguing.

References

References pending cataloguing.