BumbleBee
Also known as: COLDTRAIN, SHELLSTING, Shindig
This malware is delivered in an ISO file that contains a DLL with a custom loader. It was dubbed BUMBLEBEE because of its unique user-agent, "bumblebee". At the time of analysis by Google's Threat Analysis Group (TAG), BumbleBee was observed fetching Cobalt Strike payloads.
Linked Threat Actors
Last 7 days
No activity observed in the last 7 days.
Further Reading
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicio...
In this blog series, we're exploring all you need to know about BumbleBee. This time, let's dive deeper into the malicious behavior.
Explore BumbleBee malware’s configuration secrets and discover the interconnected web of its malicious operations in this in-depth analysis.