BumbleBee

Also known as: COLDTRAIN, SHELLSTING, Shindig

This malware is delivered by an ISO file that contains a DLL with a custom loader. Because of its unique user-agent, "bumblebee", the malware was dubbed BUMBLEBEE. At the time of analysis by Google's Threat Analysis Group (TAG), BumbleBee was observed fetching Cobalt Strike payloads.

Linked Threat Actors

EXOTIC LILY, GOLD CABIN, TA578, TA579

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

Jun 29, 2026
C2 Hosts: 3

Further Reading

microsoft.com
0xtoxin-labs.gitbook.io
0xtoxin.github.io
bin.re
blog.cerbero.io
blog.cyble.com
blog.cyble.com
blog.gigamon.com
blog.google
blog.google
blog.krakz.fr
blog.sekoia.io
blog.talosintelligence.com
cloudsek.com
community.riskiq.com
elis531989.medium.com
info.spamhaus.com
info.spamhaus.com
info.spamhaus.com
intel471.com
isc.sans.edu
isc.sans.edu
isc.sans.edu
isc.sans.edu
lumu.io
mp.weixin.qq.com
research.checkpoint.com
research.nccgroup.com
research.openanalysis.net
resecurity.com
sec-consult.com
securityintelligence.com
securityintelligence.com
symantec-enterprise-blogs.security.com
team-cymru.com
thedfirreport.com
thedfirreport.com
thedfirreport.com
thedfirreport.com
threathunt.blog
twitter.com
twitter.com
twitter.com
twitter.com
twitter.com
unit42.paloaltonetworks.com
aspirets.com
bleepingcomputer.com
botconf.eu
cybereason.com
cyjax.com
cynet.com
darkreading.com
deepinstinct.com
deepinstinct.com
europol.europa.eu
first.org
fortinet.com
infinitumit.com.tr
intezer.com
intrinsec.com
logpoint.com
microsoft.com
microsoft.com
netskope.com
proofpoint.com
proofpoint.com
proofpoint.com
secureworks.com
spamhaus.org
trendmicro.com
vmray.com
vmray.com
vmray.com
youtube.com
youtube.com