#bazarloader

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2023-09-17

Happy Sunday!

The Intel 471 team provides their findings on the #BumbleBee loader as it makes its comeback after a two-month break. It takes the place of the #BazarLoader (whose source code was leaked when the #Conti leak occurred). The BumbleBee loader has been associated with distributing ransomware and is currently being used by multiple threat actors. My favorite part of this article though (and not surprising) is all the MITRE ATT&CK mappings that provide all the #ThreatHunters a place to start looking, so thank you for that, team! I hope you all enjoy and Happy Hunting!

Bumblebee Loader Resurfaces in New Campaign
intel471.com/blog/bumblebee-lo

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

NETRESEC (netresec@infosec.exchange)
2023-04-15

#BazarLoader / #BazarBackdoor also uses the BackConnect protocol to deploy reverse VNC. This screenshot is from @malware_traffic's 2021-11-05 Bazar PCAP. The #BackConnect server was running on 87.120.8.190:9090

[Screenshot: Bazar reverse VNC traffic to 87.120.8.190:9090]
2021-08-03

BazarCaller – the malware gang that talks you into infecting yourself - Calling someone back feels safer than clicking an unknown link... but it isn't! Remind yo... nakedsecurity.sophos.com/2021/ #bazarloader #bazacaller #bazaloader #microsoft #malware #scam

2021-01-26

Threat Roundup for January 8 to January 15 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 8 a... feedproxy.google.com/~r/feedbu #vulnerabilities #fickerstealer #threatroundup #bazarloader #ciscotalos #glupteba #malware #redline #bunitu #dridex #expiro #tofsee #zegost #talos

2020-10-24

IT giant Sopra Steria hit by Ryuk ransomware attack #кибератака, #Ryuk, #TrickBot, #BazarLoader securitylab.ru/news/513326.php twitter.com/SecurityLabnews/st

2020-10-19

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack - Researchers said the group was able to move from initial phish to full domain-wide encryption in j... threatpost.com/ryuk-ransomware #initialphishingemail #privilegeescalation #vulnerabilities #activedirectory #attackanalysis #cve-2020-1472 #cobaltstrike #websecurity #bazarloader #dfirreport #fivehours #zerologon #malware #ryuk

2020-10-14

TrickBot operators use the BazarLoader malware to load Ryuk #TrickBot, #BazarLoader securitylab.ru/news/513052.php twitter.com/SecurityLabnews/st
