BumbleBee - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as BumbleBee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.bumblebee
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:
There are 4 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.
There are 1445 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by BumbleBee. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-22, CWE-23, CWE-36 | Path Traversal | High |
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High |
3 | T1055 | CWE-74 | Injection | High |
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High |
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
6 | ... | ... | ... | ... |
There are 20 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BumbleBee. This data is unique as it uses our predictive model for actor profiling.
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
License
(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.