EXOTIC LILY

[EXOTIC LILY](https://attack.mitre.org/groups/G1011) is a financially motivated group that has been closely linked with [Wizard Spider](https://attack.mitre.org/groups/G0102) and the deployment of ransomware including [Conti](https://attack.mitre.org/software/S0575) and [Diavol](https://attack.mitre.org/software/S0659). [EXOTIC LILY](https://attack.mitre.org/groups/G1011) may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.(Citation: Google EXOTIC LILY March 2...

Techniques

Covered

Gaps

67%

Coverage

Coverage10/15

GAPS (5)

T1585.001Social Media Accounts T1585.002Email Accounts T1593.001Social Media T1594Search Victim-Owned Websites T1597Search Closed Sources

COVERED (10)

T1102Web Service33 det.T1203Exploitation for Client Execution71 det.T1204.001Malicious Link9 det.T1204.002Malicious File397 det.T1566.001Spearphishing Attachment850 det.T1566.002Spearphishing Link837 det.T1566.003Spearphishing via Service85 det.T1583.001Domains61 det.T1589.002Email Addresses2 det.T1608.001Upload Malware2 det.