S1039 Bumblebee

Description

[Bumblebee](https://attack.mitre.org/software/S1039) is a custom loader written in C++ that has been used by multiple threat actors, including possible initial access brokers, to download and execute additional payloads since at least March 2022. [Bumblebee](https://attack.mitre.org/software/S1039) has been linked to ransomware operations including [Conti](https://attack.mitre.org/software/S0575), Quantum, and Mountlocker. Its name derives from the appearance of "bumblebee" in the user-agent. (Citation: Google EXOTIC LILY March 2022) (Citation: Proofpoint Bumblebee April 2022) (Citation: Symantec Bumblebee June 2022)

Platforms

Windows

References

  1. https://attack.mitre.org/software/S1039
  2. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime
  3. https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
  4. https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.