Matanbuchus

Malware updated 9 months ago (2024-11-29T14:31:32.992Z)
Matanbuchus is a malware loader that has been actively used in cyberattacks since July 16, 2022. When Unit 42 first identified it as part of a malspam campaign in February 2023, it was believed to be a possible drop from the PikaBot malware; subsequent analysis showed Matanbuchus to be a distinct malware family. The loader has been linked to ransomware activity involving several strains, including Quantum, Nokoyawa, BlackCat, Royal, Cl0p, Cactus, and Play, and has been associated with off-the-shelf post-exploitation tools such as Cobalt Strike and Sliver as well as other loaders such as IcedID.

Threat groups, notably ShadowSyndicate, have deployed Matanbuchus alongside other malicious tooling: Remote Access Trojans (RATs) such as DarkGate and NetSupport, information stealers such as Lumma and Vidar, and penetration testing frameworks such as Sliver and Meterpreter. Victims have frequently been tricked into installing Matanbuchus or DarkGate through deceptive messages offering "how to fix" or "auto-fix" options, which lead the user to execute a PowerShell script or a DLL.

In a development reported on March 11, 2024, Matanbuchus was observed using XLS files to compromise Windows machines. This new delivery method marks an escalation in the threat it poses and reinforces the need for robust defensive controls. As Matanbuchus continues to adapt and expand its methods, it remains a significant concern for security teams globally.
Description last updated: 2024-06-18T21:16:02.071Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias: DarkGate (votes: 2)
Description: DarkGate is a possible alias for Matanbuchus. DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicio
Miscellaneous Associations
Other contextual elements that can help in assessing relevance:
Malware
Malware Loader
Loader
Ransomware
Analyst Notes & Discussion