PULSE NAME
Orion Threat Alert: Flight of the BumbleBee - Cynet
WHITE BumbleBee IAB Techronik 2022-08-12 Modified: 2022-09-11
28 IOCs
MEDIUM VOLUME
Researchers at security firm Cynet have spotted a new malware campaign in the wild, along with a new trend in the tactics Initial Access Brokers (IABs) use to gain access to victims' machines.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
BumbleBee IAB CONTI Cobalt Strike
Indicators of Compromise (28)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2022-3019 2022-08-12