top of page

Bumblebee Loader - The High Road to Enterprise Domain Control

Cybereason GSOC team analysts have analyzed a case that involved a Bumblebee Loader infection. Following this introduction, we describe in detail the attack chain from the initial Bumblebee infection to the compromise of the entire network.


ATT&CK IDS: T1547 - Boot or Logon Autostart Execution, T1490 - Inhibit System Recovery, T1003 - OS Credential Dumping, T1018 - Remote System Discovery, T1033 - System Owner/User Discovery, T1036 - Masquerading, T1039 - Data from Network Shared Drive, T1047 - Windows Management Instrumentation, T1048 - Exfiltration Over Alternative Protocol, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1078 - Valid Accounts, T1082 - System Information Discovery, T1087 - Account Discovery, T1189 - Drive-by Compromise, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1548 - Abuse Elevation Control Mechanism, T1560 - Archive Collected Data, T1566 - Phishing

Read More:

bottom of page