BumbleBee Roasts Its Way to Domain Admin

A look back at some of the key moments in an intrusion from April 2022, when the BumbleBee malware loader was used to access a high-ranking domain admin account. Key details from the intrusion:

ADVERSARY: EXOTIC LILY

MALWARE FAMILIES: BumbleBee, CobaltStrike

ATT&CK IDS: T1003 - OS Credential Dumping, T1016 - System Network Configuration Discovery, T1018 - Remote System Discovery, T1021 - Remote Services, T1036 - Masquerading, T1047 - Windows Management Instrumentation, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1078 - Valid Accounts, T1087 - Account Discovery, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1219 - Remote Access Software, T1482 - Domain Trust Discovery, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1558 - Steal or Forge Kerberos Tickets, T1566 - Phishing, T1570 - Lateral Tool Transfer