Bumblebee Returns with New Infection Technique

Bumblebee is a replacement for the BazarLoader malware. It acts as a downloader and delivers known attack frameworks, shellcode, and open-source tools such as Cobalt Strike, Sliver, and Meterpreter. It also downloads other types of malware, such as ransomware and trojans. The initial infection starts with a spam email carrying a password-protected attachment that contains a .VHD (Virtual Hard Disk) file.
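As an added example (not code from the original report), the following Python check is the kind of rule a mail gateway could apply to attachments for the delivery pattern described above: a disk image inside a password-protected archive. It assumes the attachment is a zip, adds .vhdx as a sibling extension, and relies on the fact that standard zip encryption leaves entry names and flags in the central directory readable without the password; the sample archives are constructed inline and contain no real disk image.

```python
import io
import zipfile

# Disk-image extensions to flag (.vhd from the report; .vhdx added by assumption).
DISK_IMAGE_EXTS = (".vhd", ".vhdx")


def list_entries(data: bytes):
    """Yield (name, encrypted) for every central-directory entry.

    ZipCrypto/AES zips encrypt entry contents, but names and the
    general-purpose flags stay readable, so no password is needed here.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            yield info.filename, bool(info.flag_bits & 0x1)


def attachment_verdict(data: bytes) -> dict:
    """Flag an attachment that hides a disk image behind a password."""
    findings = {"is_zip": zipfile.is_zipfile(io.BytesIO(data)),
                "encrypted": False, "disk_images": [], "suspicious": False}
    if not findings["is_zip"]:
        return findings  # not an archive; other scanners handle it
    for name, encrypted in list_entries(data):
        findings["encrypted"] |= encrypted
        if name.lower().endswith(DISK_IMAGE_EXTS):
            findings["disk_images"].append(name)
    findings["suspicious"] = findings["encrypted"] and bool(findings["disk_images"])
    return findings


def mark_encrypted(data: bytes) -> bytes:
    """Set the 'encrypted' flag bit in every local and central header.

    Only used to build a constructed sample that looks password-protected;
    the contents are not actually encrypted.
    """
    buf = bytearray(data)
    for sig, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + flag_offset] |= 0x01
            pos = buf.find(sig, pos + 4)
    return bytes(buf)


def build_sample(name: str, encrypted: bool) -> bytes:
    """Constructed one-entry test attachment (stored, so no 'PK' in the body)."""
    raw = io.BytesIO()
    with zipfile.ZipFile(raw, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"constructed placeholder, not a real disk image")
    return mark_encrypted(raw.getvalue()) if encrypted else raw.getvalue()
```

A plain zip with a .vhd entry, or a password-protected zip without one, is reported but not marked suspicious; only the combination trips the verdict.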


ATT&CK IDs: T1104 - Multi-Stage Channels, T1140 - Deobfuscate/Decode Files or Information, T1564 - Hide Artifacts, T1547 - Boot or Logon Autostart Execution, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1082 - System Information Discovery, T1204 - User Execution, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1566 - Phishing, T1574 - Hijack Execution Flow

