The PolySwarm Blog

Related Families: BazarLoader, BazaLoader

Executive Summary

BumbleBee is a sophisticated loader. It was first seen in the wild in 2022 and was a replacement for BazarLoader. It recently re-emerged with a new infection chain, indicating an evolving threat.

Related Families: Bumblebee, IcedId
Verticals Targeted: Financial

Executive Summary

BlackBerry recently reported on Emotet’s new TTPs, including new email lures, IcedID, and Bumblebee as secondary payloads and evasion methods.

Related Families: BazarLoader, BazaLoader, Conti, BazarBackdoor, Trickbot, Diavol, Sliver, Bokbot, Meterpreter, Cobalt Strike

Verticals Targeted: Multiple

Executive Summary

Earlier this month, Palo Alto’s Unit 42 reported on recent activity leveraging Bumblebee. Unit 42 observed activity by multiple threat actors, including Projector Libra.