Malware

BloodHound

First seen: 2016-01 • Status: active

Currently Active Threat

BloodHound maps out a company's network to find the easiest path to administrator access. Hackers use it to plan their attacks.

Overview

BloodHound is an Active Directory reconnaissance tool that maps attack paths. It helps attackers (and defenders) find ways to escalate privileges.

Also Known As

SharpHound

How It Spreads

  • Post-exploitation deployment

What It Does

  • Maps Active Directory relationships
  • Finds attack paths
  • Identifies privilege escalation routes

Target Platforms

Windows

Detection Tips

  • Monitor for LDAP enumeration
  • Watch for SharpHound execution

MITRE ATT&CK Techniques

T1087, T1069, T1482

If You're Infected

  1. Review AD security configuration
  2. Fix identified attack paths

Related Malware

Mimikatz, Cobalt Strike
