Adventures in the land of BumbleBee
ID: 7bc450e2-c486-505b-939b-024a4e78919b
STIX ID: report--7bc450e2-c486-505b-939b-024a4e78919b
Feed Name: Fox-IT blog
BUMBLEBEE is an actively developed malicious loader distributed through multiple methods (ISO attachments, OneDrive links, email thread hijacking). It implements anti-analysis measures, RC4-encrypted HTTPS C2 communication, process injection, and persistence via scheduled tasks and VBS, and has been observed delivering Cobalt Strike, Meterpreter, Sliver and Bokbot payloads. The report includes detailed technical behavior, task types, group tags and a large set of IP-based IOCs.
