BeeFlush (e0841981-9310-4e48-be0f-3076c2207b8d)
BeeFlush is a web shell that reads in data from web traffic, specifically the Fushd parameter using Java. It will decode the data and concatenate it with a standard output stream redirector for /bin/sh. Once the C2 command is executed, BeeFlush reads the input stream and base64 encodes the message before writing it back out again.[MITRE-Engenuity May 3 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| UNC5221 (71e9b27e-8d68-4ed6-b3ab-14142558b9ff) | Tidal Groups | BeeFlush (e0841981-9310-4e48-be0f-3076c2207b8d) | Tidal Software | 1 |