Bumblebee is an advanced, evasive malware loader that was first detected in March 2022. Bumblebee is spread through sophisticated spear-phishing emails which contain a hyperlink pointing to a url that fingerprints the machine by analyzing browser cookies before downloading a compatible version of the Bumblebee loader in ISO format. Once executed by a user, this ISO unpacks Bumblebee and establishes C2 with an external server. The bumblebee loader contains five functions: Shi: shellcode injection, Dij: DLL injection, Dex: Download executable, Sdl: uninstall loader, and Ins: enable persistence. These functions enable Bumblebee to load a variety of follow-up malware to infected machines. Bumblebee malware often drops a Cobalt Strike beacon upon successfully infecting a machine.

References
https://www.theregister.com/2022/04/29/bumblee-malware-conti-malware/ 
https://blog.cyble.com/2022/06/07/bumblebee-loader-on-the-rise/
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider