[x] Block Bumblebee malware returning after law enforcement server takedown.
Description
Bumblebee is a highly sophisticated downloader malware cybercriminals use to gain access to corporate networks and deliver other payloads such as Cobalt Strike beacons and ransomware.
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May.
Believed to be the creation of TrickBot developers, the malware emerged in 2022 as a replacement for the BazarLoader backdoor to provide ransomware threat actors access to victim networks.
Links
https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/Bumblebee/IOCs
https://www.netskope.com/blog/new-bumblebee-loader-infection-chain-signals-possible-resurgence
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URLs
n/a
Folders
n/a
Sub-Domains
n/a
Domains
n/a
IPs
ASNs
n/a
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a