Matanbuchus

Malware updated a month ago (2024-11-29T14:31:32.992Z)
Download STIX
Preview STIX
Matanbuchus is a malicious software (malware) that has been actively used in various cyberattacks since July 16, 2022. Initially identified as part of a malspam campaign by Unit 42 in February 2023, it was believed to be a possible drop from the PikaBot malware. However, subsequent analysis revealed Matanbuchus to be a unique malware family. The malware has been linked to ransomware activity related to several strains such as Quantum, Nokoyawa, BlackCat, Royal, Cl0p, Cactus, and Play. It has also been associated with off-the-shelf post-exploitation tools like Cobalt Strike and Sliver, as well as other loaders such as IcedID. The Matanbuchus malware loader has been deployed alongside other harmful programs in cyberattacks carried out by threat groups, notably ShadowSyndicate. These include Remote Access Trojans (RATs) like DarkGate and NetSupport, information stealers such as Lumma and Vidar, and penetration testing tools like Sliver and Meterpreter. Cybercriminals have often tricked users into installing malware, including Matanbuchus or DarkGate, through deceptive messages offering "how to fix" or "auto-fix" options, leading to the execution of PowerShell or DLL files. In a recent development reported on March 11, 2024, Matanbuchus has evolved to exploit XLS files to compromise Windows machines. This new method of attack signifies an escalation in its threat level and underscores the need for robust cybersecurity measures. As Matanbuchus continues to adapt and expand its methods, it remains a significant concern for cybersecurity experts globally.
Description last updated: 2024-06-18T21:16:02.071Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Malware Loader
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Matanbuchus Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more