APT / THREAT GROUP
BumbleBee
5
aliases
Last seen:Mar 17, 2026
Intelligence Profile
This malware is delivered by an ISO file, with an DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. At the time of Analysis by Google's Threat Analysis Group (TAG) BumbleBee was observed to fetch Cobalt Strike Payloads.
Threat Analysis
BumbleBee is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning BumbleBee
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
The DFIR Report· Jun 29, 2026
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
The DFIR Report· Nov 4, 2025
Flash Alert: From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
The DFIR Report· Aug 5, 2025
External References
Quick Facts
TypeAPT / Threat Group
Aliases5
Also Known As
ShindigSHELLSTINGBumbleBeewin.bumblebeeCOLDTRAIN
External Intelligence
Malpedia: win.bumblebeeResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.