
New wave of Bumblebee malware attacks warned

· Published 22/10/2024 15:49 · Modified 22/10/2024 17:25


Essential information

Tags
2024-10-22 bumblebee evasion in-memory loader malware msi phishing ransomware
Related entities
9 observables, 1 intrusion sets (apt), 8 techniques (mitre), 1 malware

Description

Security researchers have detected new attacks involving the Bumblebee malware, just four months after Europol disrupted its operations in Operation Endgame. The malware has resurfaced with updated tactics, using files disguised as legitimate software installers to deliver its payload directly into memory without dropping files to disk. It also avoids creating new processes by leveraging the SelfReg table to execute malicious DLLs. The campaigns likely begin with emails containing ZIP files with malicious LNK files that initiate the infection chain. This marks the first major reappearance of Bumblebee since the law enforcement takedown in May 2024.

External references