Among the threat actors distributing Bumblebee is Projector Libra. Also known as EXOTIC LILY, Projector Libra is a criminal group that uses file sharing services to distribute malware after direct email correspondence with a potential victim. Projector Libra has been reported as an initial access broker with ties to Conti ransomware.
ADVERSARY: Projector Libra
MALWARE FAMILIES: Bumblebee, BazarLoader
ATT&CK IDS: T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1564 - Hide Artifacts