A malware-as-a-service (MaaS) package called “Matanbuchus” was found dropping Cobalt Strike beacons, allowing threat actors to communicate with the compromised network.[1]
Using TIP, we analyzed publicly available IoCs and used the insights to uncover more potentially suspicious domains. Our key findings include:
- Almost all the email domains used in Matanbuchus-related phishing campaigns had problematic mail server, Secure Sockets Layer (SSL), and name server configurations.
- We found 600+ domains connected to the IoCs through the IoC domains’ WHOIS records and text strings and through the email domains’ mail exchanger (MX) records.
- About 12.5% of the connected domains have been flagged as malicious.
Download the threat research materials now to access a sample of identified artifacts used to conduct additional enrichment and threat analysis.
[1] https://thehackernews.com/2022/06/researchers-warn-of-matanbuchus-malware.html