Bumblebee (cc155181-fb34-4aaf-b083-b7b57b140b7a)

Bumblebee is a custom loader written in C++ that has been used by multiple threat actors, including possible initial access brokers, to download and execute additional payloads since at least March 2022. Bumblebee has been linked to ransomware operations including Conti, Quantum, and Mountlocker and derived its name from the appearance of "bumblebee" in the user-agent.[Google EXOTIC LILY March 2022][Proofpoint Bumblebee April 2022][Symantec Bumblebee June 2022]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| TA578 (b47551ba-8036-5527-abba-fed787c854a5) | Tidal Groups | Bumblebee (cc155181-fb34-4aaf-b083-b7b57b140b7a) | Tidal Software | 1 |
| Bumblebee (cc155181-fb34-4aaf-b083-b7b57b140b7a) | Tidal Software | EXOTIC LILY (396a4361-3e84-47bc-9544-58e287c05799) | Tidal Groups | 1 |