xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
In September 2020, a detailed investigation into a prolonged xHunt campaign targeting a Kuwaiti organization revealed a newly discovered webshell named BumbleBee, alongside two other backdoors called TriFive and Snugy. The BumbleBee webshell was notable for its ability to upload and download files and to execute commands on the compromised Microsoft Exchange server.