Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons
Jun 27, 2022
A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader , Bumblebee , and Colibri , is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected systems without detection. Available on Russian-speaking cybercrime forums for a price of $2,500 since February 2021, the malware is equipped with capabilities to launch .EXE and .DLL files in memory and run arbitrary PowerShell commands. The findings, released by threat intelligence firm Cyble last week, document the latest infection chain associated with the loader, which is linked to a threat actor who goes by the online moniker BelialDemon. "If we look historically, BelialDemon has been involved in the development of malware loaders," Unit 4...
