Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Briefly

Matanbuchus is a malware-as-a-service offering with advanced stealth features, first advertised in February 2021. It operates as a conduit for various payloads, including ransomware and Cobalt Strike beacons. Matanbuchus is typically distributed through social engineering rather than conventional methods like spam. The most recent version, Matanbuchus 3.0, includes enhanced capabilities such as improved communication protocols, in-memory execution, and reverse shell support. Recently, attackers utilized it to target employees via impersonated Microsoft Teams calls, tricking them into executing a PowerShell script that deployed the malware.
Victims are carefully targeted and persuaded to execute a script that triggers the download of an archive. This archive contains a renamed Notepad++ update.
The latest version of the loader, tracked as Matanbuchus 3.0, incorporates several new features, including improved communication protocol techniques and enhanced obfuscation methods.
Read at The Hacker News