[MART] - Daily Diary #541 - Bumblebee Loader Is The Next Big Thing

CTAS-MAT ctas-mat at appgate.com
Wed Jun 29 20:17:09 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

06/29/2022 - Diary entry #541:

Covered in our Daily Diary #499, Bumblebee was found replacing BazaLoader in campaigns of different threat actors. Most recently, Bumblebee was observed in attacks related to different Ransomware groups such as Conti, Quantum, and Mountlocker.

Offered as a Malware-as-a-Service, Bumblebee supports multiple commands and it targets Windows systems using a highly obfuscated DLL and advanced anti-analysis techniques. The TTPs (Tactics, Techniques, and Procedures) suggest that Bumblebee is indeed replacing BazaLoader and older loaders like TrickBot.

Besides deploying ransomware, Bumblebee was found dropping legitimate software such as remote desktop and data exfiltration tools. Therefore, although very simple, finding Bumblebee in one of your systems must raise a red flag, as it means an advanced threat actor is probably already inside your network.

Kind Regards,




Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com

