The spring of 2022 saw a spike in activity of the Bumblebee loader, a recent threat that has garnered a lot of attention due to its links to several well-known malware families. Bumblebee is in constant evolution, best demonstrated by the fact that its delivery mechanism underwent a radical change twice within a few days: first from ISO-format files to VHD-format files containing a PowerShell script, then back again.
REFERENCE: https://research.checkpoint.com/2022/bumblebee-increasing-its-capacity-and-evolving-its-ttps/
TAGS: meterpreter, bumblebee, cobaltstrike, powershell, sliver, infostealers, botnet, sandbox evasion
MALWARE FAMILY: Bumblebee
ATT&CK IDS: T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1102 - Web Service, T1027 - Obfuscated Files or Information, T1497 - Virtualization/Sandbox Evasion, T1205 - Traffic Signaling, T1055 - Process Injection, T1072 - Software Deployment Tools, T1059 - Command and Scripting Interpreter