Honeybee is a campaign led by an unknown malicious actor that has targeted humanitarian aid organizations, and has been active in Vietnam, Singapore, Argentina, Japan, Indonesia, and Canada since August of 2017, and as recently as February 2018.

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.