
Matanbuchus with Cobalt Strike: Not Your Favorite Combo





A malware-as-a-service (MaaS) package called “Matanbuchus” was found dropping Cobalt Strike beacons, allowing threat actors to communicate with the compromised network. [1]

Using Threat Intelligence Platform (TIP), we analyzed publicly available IoCs and used the insights to uncover more potentially suspicious domains. Our key findings include:

  • Almost all the email domains used in Matanbuchus-related phishing campaigns had problematic mail server, Secure Sockets Layer (SSL), and name server configurations.
  • We found 600+ domains connected via the IoC domains’ WHOIS records and text strings and the email domains’ mail exchanger (MX) records.
  • About 12.5% of the connected domains have been flagged as malicious.

Download the threat research materials now to access a sample of identified artifacts used to conduct additional enrichment and threat analysis.

  • [1] https://thehackernews.com/2022/06/researchers-warn-of-matanbuchus-malware.html