From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Matanbuchus 3.0, a malware loader available as Malware-as-a-Service, has evolved with significant updates. It now employs sophisticated techniques including improved communication protocols, in-memory stealth capabilities, enhanced obfuscation, and support for WQL queries, CMD, and PowerShell reverse shells. The loader collects detailed system data, including information on EDR security controls, to tailor subsequent attacks. It can execute various commands through regsvr32, rundll32, msiexec, or process hollowing. The malware establishes persistence through scheduled tasks and registry modifications. Recent campaigns have targeted victims through external Microsoft Teams calls impersonating IT helpdesks, leading to potential ransomware compromises.
OPENCTI LABELS:
ransomware,matanbuchus,microsoft teams,maas