
In essence, Bumblebee works very similarly to BazarLoader and IcedID, both of which have been found in previous Conti ransomware attacks. Apparently, several operators who have used BazarLoader in the past have transitioned to Bumblebee for delivering shellcode and for deploying the Cobalt Strike, Sliver, and Meterpreter frameworks, which were designed to perform security assessments of target systems.
Conti is always a much-feared name in cybersecurity
Both Proofpoint and Cybereason have analyzed the Bumblebee code and have noticed several similarities with TrickBot, so much so that one can assume either that it is the same developer or, at least, that the person responsible for Bumblebee is in possession of the TrickBot source code. In any case, the disconcerting aspect is the rapidity with which the malware spreads and the fact that Bumblebee also acts as a multipurpose tool for deploying payloads of various types of malware, including ransomware. The code itself indicates a very sophisticated tool, still under active development, capable of evading even the most advanced antivirus products.