EXOTIC LILY
Aliases: None listed
EXOTIC LILY is a financially motivated group that has been closely linked with Wizard Spider and the deployment of ransomware including Conti and Diavol. EXOTIC LILY may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.
ATT&CK techniques
T1566.003 Spearphishing via Service
T1585.001 Social Media Accounts
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
T1566.002 Spearphishing Link
T1204.002 Malicious File
T1585.002 Email Accounts
T1102 Web Service
T1594 Search Victim-Owned Websites
T1204.001 Malicious Link
T1597 Search Closed Sources
T1583.001 Domains
T1593.001 Social Media
T1589.002 Email Addresses
T1608.001 Upload Malware