Common Information
Type | Value |
---|---|
Value | EXOTIC LILY - G1011 |
Category | Actor |
Type | Mitre-Intrusion-Set |
Misp Type | Cluster |
Description | [EXOTIC LILY](https://attack.mitre.org/groups/G1011) is a financially motivated group that has been closely linked with [Wizard Spider](https://attack.mitre.org/groups/G0102) and the deployment of ransomware including [Conti](https://attack.mitre.org/software/S0575) and [Diavol](https://attack.mitre.org/software/S0659). [EXOTIC LILY](https://attack.mitre.org/groups/G1011) may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.(Citation: Google EXOTIC LILY March 2022) |
Type | Published | Attributes | Title |
---|---|---|---|
Website | 2024-08-13 | 21 | Common Malware Loaders - ReliaQuest |
Website | 2024-08-12 | 7 | Bumblebee Loader |
Website | 2023-09-15 | 11 | Tracking Adversaries: Akira, another descendent of Conti |
Website | 2023-03-15 | 0 | Email Threats: HTML Smuggling on the Dark Web - ReliaQuest |
Website | 2023-03-01 | 0 | Growing Cybercrime Outsourcing Model: Initial Access Brokers |
Website | 2022-12-16 | 4 | The DPRK delicate sound of cyber |
Website | 2022-11-17 | 8 | The Continuity of Conti |
Website | 2022-11-07 | 8 | Top Critical Vulnerabilities Used by Ransomware Groups - SOCRadar |
Website | 2022-10-03 | 0 | Bumblebee Malware Loader's Payloads Significantly Vary by Victim System |
Website | 2022-09-05 | 33 | From BumbleBee to Cobalt Strike: Steps of a BumbleBee intrusion - Darktrace Blog |
Website | 2022-08-25 | 4 | Oktapus campaign. Exotic Lily's Bumblebee Loader. DNS traffic insights. DHS shutters disinfo board. Hybrid war at six months. |
Website | 2022-08-24 | 10 | Bumblebee Malware: Deep Instinct Prevents Attack Pre-Execution \| Deep Instinct |
Website | 2022-08-18 | 0 | Hackers Using Bumblebee Loader to Compromise Active Directory Services |
Website | 2022-08-08 | 143 | BumbleBee Roasts Its Way to Domain Admin |
Website | 2022-08-03 | 16 | Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware |
Website | 2022-04-28 | 1 | New Bumblebee malware replaces Conti's BazarLoader in cyberattacks |
Website | 2022-04-14 | 34 | Orion Threat Alert: Flight of the BumbleBee - Cynet |
Website | 2022-03-17 | 33 | Exposing initial access broker with ties to Conti |
Website | 2022-03-15 | 619 | What Wicked Webs We Un-weave - Prevailion |
Website | 2022-01-01 | 2 | Cloudzy With a Chance of Global Cybercrime \| Cyware Hacker News |
Website | 2021-01-01 | 0 | New Email Threats by Exotic Lily \| Cyware Hacker News |