Distribution of the Bumblebee is done by phishing emails with an attachment or a link to a malicious archive. The initial execution relies on the end-user execution which has to extract the archive, mount an ISO image file, and click an LNK file.