# BumbleBee - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _BumbleBee_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:

* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 5 more country items available. Please use our online service to access the data.

## Actors

These _actors_ are associated with BumbleBee or other actors linked to the campaign.

ID | Actor | Confidence
-- | ----- | ----------
1 | [xHunt](https://vuldb.com/?actor.xhunt) | High
2 | [Exotic Lily](https://vuldb.com/?actor.exotic_lily) | High
3 | [Bumblebee](https://vuldb.com/?actor.bumblebee) | High
4 | ... | ...

There is 1 more actor item available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.

There are 480 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 19 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during BumbleBee. This data is unique as it uses our predictive model for actor profiling.

There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the campaign and the associated activities:

* https://1275.ru/ioc/151/bumblebee-loader-iocs/
* https://1275.ru/ioc/250/bumblebee-malware-iocs-part-3/
* https://1275.ru/ioc/287/bumblebee-malware-iocs-part-4/
* https://1275.ru/ioc/347/bumblebee-loader-iocs-part-5/
* https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
* https://community.blueliv.com/#!/s/62b165ee82df417a00331a19
* https://community.blueliv.com/#!/s/6285f1a182df41552632f533
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_01.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_02.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_03.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_07.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_09.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_13.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_14.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_15.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_16.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_17.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_23.06.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.05.2022.txt
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.06.2022.txt
* https://twitter.com/malware_traffic/status/1537168576162979843
* https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/
* https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!