A look back at some of the key moments in an intrusion from April 2022, when the BumbleBee malware loader was used to access a high-ranking domain admin account.
ADVERSARY: EXOTIC LILY
MALWARE FAMILIES: BumbleBee, CobaltStrike
ATT&CK IDS: T1003 - OS Credential Dumping, T1016 - System Network Configuration Discovery, T1018 - Remote System Discovery, T1021 - Remote Services, T1036 - Masquerading, T1047 - Windows Management Instrumentation, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1078 - Valid Accounts, T1087 - Account Discovery, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1219 - Remote Access Software, T1482 - Domain Trust Discovery, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1558 - Steal or Forge Kerberos Tickets, T1566 - Phishing, T1570 - Lateral Tool Transfer