From 705d0d2e7208dd8784ff7b2eb5afeb9f4427c577 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Mon, 12 Sep 2022 10:51:43 +0200
Subject: [PATCH] add BumbleBee backdoor

---
 clusters/tool.json | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 64d30487..8737a0e4 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8570,7 +8570,29 @@
 },
 "uuid": "0bdb6f1c-1229-4556-a535-7444ddfbd7a9",
 "value": "GootLoader"
+ },
+ {
+ "description": "BumbleBee is a modular backdoor that comprises two applications, a server and a client application (a master and slaver application, respectively in the malware’s jargon). Once the client application is deployed on the target computer (these are commonly local government devices), threat actors can control the machine using the server module. Let us take a deeper look into this backdoor.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/22/i/buzzing-in-the-background-bumblebee-a-new-modular-backdoor-evolv.html"
+ ],
+ "type": [
+ "backdoor"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "96b2b31e-b191-43c4-9929-48ba1cbee62c",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "related-to"
+ }
+ ],
+ "uuid": "6fc4beee-b922-4d25-833d-8fb574a3c56e",
+ "value": "BumbleBee"
 }
 ],
- "version": 153
+ "version": 154
 }
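Review bot: The added `description` still ends with the source article's transition sentence, `Let us take a deeper look into this backdoor.`, which means nothing once the text is shown as a cluster description next to a tag and should be dropped. The `value` `BumbleBee` is also the name commonly used for an unrelated malware loader, so an analyst choosing the tag by name could attach this backdoor cluster to loader activity and skew correlation. A short closing clause in the description such as `Not to be confused with the Bumblebee loader.` would make the distinction explicit, assuming the Trend Micro reference does describe a separate family. The `related` entry points at `96b2b31e-b191-43c4-9929-48ba1cbee62c`, whose target cluster lies outside this hunk, so it is worth confirming the UUID resolves to the intended entry before merging.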