Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:36:19 UTC
Home > List all groups > List all tools > List all groups using tool BitterRAT
 Tool: BitterRAT
Names
BitterRAT
Bitter RAT
Category Malware
Type Backdoor
Description
(Forcepoint) BITTER used free dynamic DNS (DDNS) and dedicated server hosting services
in order to set up their C2s. The download site where the exploit documents download the
RAT binaries are, in most cases, different from the actual RAT C2. However, both of them are
typically registered using a Gmail email address and a spoofed identity purporting to be either
from United Kingdom or Great Britain.
Information
Malpedia Last change to this tool card: 28 December 2022
Download this tool card in JSON format
All groups using tool BitterRAT
Changed Name Country Observed
APT groups
 Bitter [South Asia] 2013-Nov 2024
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0e7f29c9-7c63-432a-aeb0-441aec1d43e4
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0e7f29c9-7c63-432a-aeb0-441aec1d43e4
Page 1 of 1