0attributed CVEs
22ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
[EXOTIC LILY](https://attack.mitre.org/groups/G1011) is a financially motivated group that has been closely linked with [Wizard Spider](https://attack.mitre.org/groups/G0102) and the deployment of ransomware including [Conti](https://attack.mitre.org/software/S0575) and [Diavol](https://attack.mitre.org/software/S0659). [EXOTIC LILY](https://attack.mitre.org/groups/G1011) may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.(Citation: Google EXOTIC LILY March 2022)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
AC-4 | 9 / 22 | 41% |
CA-7 | 9 / 22 | 41% |
SC-7 | 9 / 22 | 41% |
SI-3 | 9 / 22 | 41% |
SI-4 | 9 / 22 | 41% |
SC-44 | 8 / 22 | 36% |
CM-2 | 7 / 22 | 32% |
CM-6 | 7 / 22 | 32% |
SI-8 | 7 / 22 | 32% |
SI-2 | 6 / 22 | 27% |
CM-7 | 4 / 22 | 18% |
IA-9 | 3 / 22 | 14% |
SC-20 | 3 / 22 | 14% |
SI-7 | 3 / 22 | 14% |
AC-6 | 2 / 22 | 9% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- C0011 0.38
- Star Blizzard 0.33
- Operation Spalax 0.31
- Operation Dust Storm 0.31
- Saint Bear 0.30