
Warning issued over new wave of Bumblebee malware attacks

Oct. 22, 2024, 5:25 p.m.

Description

Security researchers have detected new attacks involving the Bumblebee malware loader, roughly four months after Europol disrupted its infrastructure in Operation Endgame. The loader has resurfaced with updated tradecraft. It arrives as MSI packages disguised as legitimate software installers (the indicator URLs below serve files named Midjourney.msi and nvinstall.msi) and delivers its payload into memory without writing a further file to disk. It also avoids spawning a new process: the package uses the MSI SelfReg table, through which Windows Installer loads the listed DLL and calls its DllRegisterServer export inside msiexec.exe itself, so the malicious DLL runs in a process that already exists and is normally trusted. The campaigns likely begin with phishing emails carrying ZIP archives; the LNK file inside starts the infection chain. This is the first major reappearance of Bumblebee since the law enforcement takedown in May 2024.
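The SelfReg abuse described above can be checked for statically. The script below is an added example written for this summary, not tooling from the researchers or from the Bumblebee operators, and it makes no claim about the listed samples. It decodes the obfuscated stream names inside an MSI (a 6-bit alphabet packed into Unicode U+3800..U+483F, with U+4840 marking a table) and reports which database tables the package contains, flagging SelfReg and CustomAction because those are the tables through which an MSI executes code. The sample stream list is constructed; reading a real package on disk assumes the third-party olefile package is installed.

```python
"""Triage helper for suspicious MSI packages: list the database tables the
package contains and flag the ones that make msiexec.exe run code.

Added example; not the researchers' tooling. MSI packages are OLE compound
documents whose table streams carry obfuscated names: a 6-bit alphabet is
packed into the Unicode range U+3800..U+483F and U+4840 marks a table.
Decoding those names shows whether a package carries a SelfReg table
(Windows Installer calls DllRegisterServer on every DLL listed there,
inside msiexec.exe) without ever running the installer.
"""
import sys

# 6-bit alphabet of the MSI stream-name encoding: 0-9, A-Z, a-z, '.', '_'
_MIME64 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._"
_TABLE_PREFIX = "\u4840"  # first character of every table stream name

# Tables through which an MSI can execute code; flag set chosen for this example
CODE_EXEC_TABLES = {"SelfReg", "CustomAction"}


def decode_stream_name(encoded: str) -> tuple[bool, str]:
    """Decode one OLE stream name. Returns (is_table, plain_name)."""
    is_table = encoded.startswith(_TABLE_PREFIX)
    out = []
    for ch in encoded[1:] if is_table else encoded:
        cp = ord(ch)
        if 0x3800 <= cp < 0x4800:          # two characters packed in one code point
            cp -= 0x3800
            out.append(_MIME64[cp & 0x3F])
            out.append(_MIME64[(cp >> 6) & 0x3F])
        elif 0x4800 <= cp < 0x4840:        # one trailing character
            out.append(_MIME64[cp - 0x4800])
        else:                              # not part of the alphabet, kept verbatim
            out.append(ch)
    return is_table, "".join(out)


def encode_stream_name(name: str, table: bool = False) -> str:
    """Inverse of decode_stream_name; used here only to build the sample input."""
    out = [_TABLE_PREFIX] if table else []
    i = 0
    while i < len(name):
        c1 = _MIME64.find(name[i])
        c2 = _MIME64.find(name[i + 1]) if i + 1 < len(name) else -1
        if c1 < 0:                         # character outside the alphabet: verbatim
            out.append(name[i])
            i += 1
        elif c2 < 0:                       # lone trailing character
            out.append(chr(0x4800 + c1))
            i += 1
        else:                              # pack two characters into one code point
            out.append(chr(0x3800 + c1 + (c2 << 6)))
            i += 2
    return "".join(out)


def triage_tables(stream_names):
    """Return (sorted table names, sorted flagged table names) for raw stream names."""
    tables = sorted(name for is_table, name in map(decode_stream_name, stream_names) if is_table)
    flagged = sorted(t for t in tables if t in CODE_EXEC_TABLES)
    return tables, flagged


def list_streams(path: str):
    """Stream names of a real MSI on disk (assumes the third-party olefile package)."""
    import olefile  # assumption: installed via pip install olefile
    ole = olefile.OleFileIO(path)
    try:
        return ["/".join(entry) for entry in ole.listdir(streams=True, storages=False)]
    finally:
        ole.close()


# Constructed sample: the streams of a minimal package that carries a SelfReg table.
SAMPLE_STREAMS = [
    "\x05SummaryInformation",  # not a table; stored under its literal name
] + [
    encode_stream_name(t, table=True)
    for t in ("_Tables", "_Columns", "_StringData", "_StringPool",
              "Property", "File", "Binary", "SelfReg")
] + [encode_stream_name("Binary.loader")]  # embedded data stream, not a table


if __name__ == "__main__":
    names = list_streams(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_STREAMS
    tables, flagged = triage_tables(names)
    print("tables :", ", ".join(tables))
    print("flagged:", ", ".join(flagged) or "none")
```

Run it with a path to a downloaded package to inspect a real file, or with no arguments to see the constructed sample. A SelfReg table in an installer that claims to be a simple application setup is not proof of malice, since legitimate COM servers self-register, but it is the table to pull and read next: its entries name the File table rows whose DLLs msiexec will load.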

Date

Published: Oct. 22, 2024, 3:49 p.m.

Created: Oct. 22, 2024, 3:49 p.m.

Modified: Oct. 22, 2024, 5:25 p.m.

Indicators

d3f551d1fb2c307edfceb65793e527d94d76eba1cd8ab0a5d1f86db11c9474c3

d1cabe0d6a2f3cef5da04e35220e2431ef627470dd2801b4ed22a8ed9a918768

c26344bfd07b871dd9f6bd7c71275216e18be265e91e5d0800348e8aa06543f9

7df703625ee06db2786650b48ffefb13fa1f0dae41e521b861a16772e800c115

2bca5abfac168454ce4e97a10ccf8ffc068e1428fa655286210006b298de42fb

106c81f547cfe8332110520c968062004ca58bcfd2dbb0accd51616dd694721f

0ab5b3e9790aa8ada1bbadd5d22908b5ba7b9f078e8f5b4e8fcc27cc0011cce7

http://193.242.145.138/mid/w1/Midjourney.msi

http://193.176.190.41/down1/nvinstall.msi

Attack Patterns

Bumblebee - S1039

T1482 - Domain Trust Discovery

T1059.001 - Command and Scripting Interpreter: PowerShell

T1218 - System Binary Proxy Execution

T1055 - Process Injection

T1036 - Masquerading

T1204 - User Execution

T1027 - Obfuscated Files or Information

T1566 - Phishing