New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Come meet us at Black Hat USA 2025 | Booth 1640
Book a Meeting
Book a Demo
Book a Demo

BumbleBee Used To Drop A Meterpreter Agent

November 15, 2022

The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike Beacons. They then performed reconnaissance, used two different UAC bypass techniques, dumped credentials, escalated privileges using a ZeroLogon exploit, and moved laterally through the environment.

Featured Resources

cymulate at black hat usa 2025
blog

Cymulate at Black Hat USA 2025

August 2–7 | Mandalay Bay, Las Vegas | Booth 1640 Visit Event Page →  At Black Hat USA 2025, Cymulate

Read More
image
blog

Making SIEM Alerts Smarter: Best Practices for Real-World Detection

SIEM alerts are mission-critical, but also a minefield. For every high-value alert that catches a real threat in progress, security

Read More
image
blog

Get Ready to Get MCPwned — Cymulate’s Elite CTF on Securing the Model Context Protocol

When AI agents meet the real world, every protocol becomes a potential attack vector. That’s the big idea behind MCPwned,

Read More