CDT Watch – June 2022

FOCUS TECH

Bumblebee

MITRE ATT&CK mapping (tactic, then the techniques observed):

Initial Access (TA0001)
- Phishing: Spearphishing Attachment (T1566.001)
- Phishing: Spearphishing Link (T1566.002)

Execution (TA0002)
- Command and Scripting Interpreter: Visual Basic (T1059.005)
- Windows Management Instrumentation (T1047)

Persistence (TA0003)
- Scheduled Task/Job (T1053)

Privilege Escalation (TA0004)
- Process Injection: Dynamic-link Library Injection (T1055.001)
- Process Injection: Asynchronous Procedure Call (T1055.004)

Defense Evasion (TA0005)
- Process Injection: Dynamic-link Library Injection (T1055.001)
- Process Injection: Asynchronous Procedure Call (T1055.004)
- Hide Artifacts: Hidden Files and Directories (T1564.001)
- Indicator Removal on Host: File Deletion (T1070.004)
- Virtualization/Sandbox Evasion (T1497)
- Deobfuscate/Decode Files or Information (T1140)

Discovery (TA0007)
- System Information Discovery (T1082)
- Process Discovery (T1057)

Command and Control (TA0011)
- Encrypted Channel: Symmetric Cryptography (T1573.002)
- Ingress Tool Transfer (T1105)

SOURCES:

Bumblebee is still transforming, Proofpoint

[1] https://www.malware-traffic-analysis.net/2022/index.html

[2] https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/

CERT-W: FROM THE FRONT LINE

The First Responder Word


Reading Of The Month

We recommend the article by Robert Lemos, a Dark Reading contributing writer, about firms that suffered identity-related breaches.

80% of firms suffered identity-related breaches in last 12 months, Robert Lemos


SEE YOU NEXT MONTH!!
