Found 14 bookmarks
Custom sorting
Largest ever operation against botnets hits dropper malware ecosystem | Europol
Largest ever operation against botnets hits dropper malware ecosystem | Europol
Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down...
#Europol#EN#2024#Operation-Endgame#IcedID#SystemBC#Pikabot#Smokeloader#Bumblebee#Trickbot#dropper#botnets
·europol.europa.eu·
Largest ever operation against botnets hits dropper malware ecosystem | Europol
Botnets disrupted after international action
Botnets disrupted after international action
Continuing a string of successful botnet takedowns, on Thursday, May 30th 2024, a coalition of international law enforcement agencies announced "Operation Endgame". This effort targeted multiple botnets such as IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee, as well as some of the operators of these botnets. These botnets played a key part in enabling ransomware, thereby causing damages to society estimated to be over a hundred million euros. This coordinated effort is the largest operation ever against botnets involved with ransomware.
#spamhaus#EN#2024#Operation-Endgame#Smokeloader#IcedID#SystemBC#Bumblebee#notnet#takedown
·spamhaus.org·
Botnets disrupted after international action
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string “PindOS”, which may be a reference to current (and past) anti-American sentiment in Russia. Bumblebee is a malware loader first discovered in March 2022. It was associated with Conti group and was being used as a replacement for BazarLoader. It acts as a primary vector for multiple types of other malware, including ransomware. IcedID is a modular banking malware designed to steal financial information. It has been seen in the wild since at least 2017 and has recently been observed shifting some of its focus to malware delivery.
#deepinstinct#EN#2023#JavaScript#Dropper#PindOS#Bumblebee#analysis
·deepinstinct.com·
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
BumbleBee Zeros in on Meterpreter
BumbleBee Zeros in on Meterpreter
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector from a Contact Forms campaign. We have previously reported on two BumbleBee intrusions (1, 2), and this report is a continuation of a series of reports uncovering multiple TTPs seen by BumbleBee post exploitation operators. The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike Beacons. They then performed reconnaissance, used two different UAC bypass techniques, dumped credentials, escalated privileges using a ZeroLogon exploit, and moved laterally through the environment.
#thedfirreport#EN#2022#bumblebee#case#analysis
·thedfirreport.com·
BumbleBee Zeros in on Meterpreter
Bumblebee Returns with New Infection Technique
Bumblebee Returns with New Infection Technique
Delivers Payload Using Post Exploitation Framework During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting infection chain of the Bumblebee loader malware being distributed via spam campaigns. Bumblebee is a replacement for the BazarLoader malware, which acts as a downloader and delivers known attack frameworks and open-source tools such as Cobalt Strike, Shellcode, Sliver, Meterpreter, etc. It also downloads other types of malware such as ransomware, trojans, etc.
#cyble#EN#2022#Bumblebee#Analysis
·blog.cyble.com·
Bumblebee Returns with New Infection Technique
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...
#cybereason#EN#2022#THREAT#ANALYSIS#REPORT#Bumblebee#Loader#CobaltStrike
·cybereason.com·
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
BumbleBee Zeros in on Meterpreter
BumbleBee Zeros in on Meterpreter
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector from a Contact Forms campaign. We have previously reported on two BumbleBee intrusions (1, 2), and this report is a continuation of a series of reports uncovering multiple TTPs seen by BumbleBee post exploitation operators. The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike Beacons. They then performed reconnaissance, used two different UAC bypass techniques, dumped credentials, escalated privileges using a ZeroLogon exploit, and moved laterally through the environment.
#thedfirreport#EN#2022#bumblebee#case#analysis
·thedfirreport.com·
BumbleBee Zeros in on Meterpreter
Bumblebee Returns with New Infection Technique
Bumblebee Returns with New Infection Technique
Delivers Payload Using Post Exploitation Framework During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting infection chain of the Bumblebee loader malware being distributed via spam campaigns. Bumblebee is a replacement for the BazarLoader malware, which acts as a downloader and delivers known attack frameworks and open-source tools such as Cobalt Strike, Shellcode, Sliver, Meterpreter, etc. It also downloads other types of malware such as ransomware, trojans, etc.
#cyble#EN#2022#Bumblebee#Analysis
·blog.cyble.com·
Bumblebee Returns with New Infection Technique
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...
#cybereason#EN#2022#THREAT#ANALYSIS#REPORT#Bumblebee#Loader#CobaltStrike
·cybereason.com·
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...
#cybereason#EN#2022#THREAT#ANALYSIS#REPORT#Bumblebee#Loader#CobaltStrike
·cybereason.com·
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control