Pulse Detail — Threat Intelligence

PULSE NAME

VTA - Malware Variant, Matanbuchus Delivering Cobalt Strike Beacons Via Spam Campaigns

WHITE Superpro 2022-06-27 Modified: 2022-07-27

IOCs

MEDIUM VOLUME

Matanbuchus is a Malware-as-a-service(Maas), where it is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected systems without detection.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1021 T1053 T1059 T1071 T1204 T1497 T1566

MALWARE FAMILIES

Matanbuchus Cobalt Strike Spam

Indicators of Compromise (42)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0308aa2c8dab8a69de41f5d16679bb9b	—	2022-06-27
FileHash-MD5	314a641ee6ef932f4c561388bd539090	—	2022-06-27
FileHash-MD5	3e757306c45b710d739a802fbd1fb69f	MD5 of 60c1dc0b885ac77b8f670b636c8d404654362354	2022-06-27
FileHash-MD5	40d5b499d9213f44ca786d56b6e10907	MD5 of 73b17544d1e42dc12d4af1d19343e2c7456a4a0b	2022-06-27
FileHash-MD5	41049c329659e51ccca47c13b8021c14	MD5 of 50dd607fb2147457fb5978a591e9d2f46b412d24	2022-06-27
FileHash-MD5	5698e2786aafbda7e252d89829250112	—	2022-06-27
FileHash-MD5	8cb8cf84ab20159702e6803cd6ce364a	—	2022-06-27
FileHash-MD5	8fc15b030254c0d49f18d06c696d6986	MD5 of 75f62f4d419b921bc081b5e8387665ac3cffd0d7	2022-06-27
FileHash-MD5	97fc6726f396c4b86bc84ca97e787637	MD5 of ad6e5024a0be6f69370e7a0482a2baa27c4a25be	2022-06-27
FileHash-MD5	f177b0ec8a79756f45f8cf0fb9b99c07	MD5 of 1b18d12dc5c14e68b271164ff63647a6d2eb090d	2022-06-27
FileHash-MD5	ff82937564ff59eb6207f079cdc8e43d	MD5 of 7cfe0a71c4a2508a1af80e640ec8b1b034edb604	2022-06-27
FileHash-SHA1	05103f90540f3e8a9599e9f1ab6a11c791aec393	—	2022-06-27
FileHash-SHA1	1b18d12dc5c14e68b271164ff63647a6d2eb090d	—	2022-06-27
FileHash-SHA1	2521a69b98265e08c30f1d175f29865801e2aa15	—	2022-06-27
FileHash-SHA1	50dd607fb2147457fb5978a591e9d2f46b412d24	—	2022-06-27
FileHash-SHA1	60c1dc0b885ac77b8f670b636c8d404654362354	—	2022-06-27
FileHash-SHA1	73b17544d1e42dc12d4af1d19343e2c7456a4a0b	—	2022-06-27
FileHash-SHA1	75f62f4d419b921bc081b5e8387665ac3cffd0d7	—	2022-06-27
FileHash-SHA1	7cfe0a71c4a2508a1af80e640ec8b1b034edb604	—	2022-06-27
FileHash-SHA1	ad6e5024a0be6f69370e7a0482a2baa27c4a25be	—	2022-06-27
FileHash-SHA1	c6827bf44a433ff086e787653361859d6f6e2fb3	—	2022-06-27
FileHash-SHA1	f20a688766f3c7105b64a6342277879d751de6f3	—	2022-06-27
FileHash-SHA256	0a7e8fd68575db5f84c18b9a26e4058323d1357e2a29a5b12278e4bfa6939489	—	2022-06-27
FileHash-SHA256	14debc481aa0a26d3a0bdeed0e56b3ae9e301220f2606aae624d57a9d0617d6f	—	2022-06-27
FileHash-SHA256	1e9aaf1375d9f7403644b4bea2c6fe679579bf61945ba6bdb54cc7cd7b728211	—	2022-06-27
FileHash-SHA256	63242d49d842cdf699b0ec04ad7bba8867080f8337d3e0ec7e768d10573142b3	SHA256 of 1b18d12dc5c14e68b271164ff63647a6d2eb090d	2022-06-27
FileHash-SHA256	72426e6b8ea42012675c07bf9a2895bcd7eae15c82343b4b71aece29d96a7b22	SHA256 of 50dd607fb2147457fb5978a591e9d2f46b412d24	2022-06-27
FileHash-SHA256	80e3212beed371025ba8c3eb32bea41de85d856941506f2a5255377069449c95	SHA256 of 73b17544d1e42dc12d4af1d19343e2c7456a4a0b	2022-06-27
FileHash-SHA256	a5b06297d86aee3c261df7415a4fa873f38bd5573523178000d89a8d5fd64b9a	SHA256 of ad6e5024a0be6f69370e7a0482a2baa27c4a25be	2022-06-27
FileHash-SHA256	bd68ecd681b844232f050c21c1ea914590351ef64e889d8ef37ea63bd9e2a2ec	SHA256 of 75f62f4d419b921bc081b5e8387665ac3cffd0d7	2022-06-27
FileHash-SHA256	d0e2e92ec9d3921dc73b962354c7708f06a1a34cce67e8b67af4581adfc7aaad	SHA256 of 60c1dc0b885ac77b8f670b636c8d404654362354	2022-06-27
FileHash-SHA256	d19ebb3abfbef6365accb6368973b8d10779cbf80a72fd28c8f2b9dd223ac288	—	2022-06-27
FileHash-SHA256	face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666	SHA256 of 7cfe0a71c4a2508a1af80e640ec8b1b034edb604	2022-06-27
URL	http://144.208.127.245/cob23_443.txt	—	2022-06-27
URL	http://144.208.127.245/cob_220_443.dll	—	2022-06-27
URL	http://collectiontelemetrysystem.com/cAUtfkUDaptk/ZRSeiy/requets/index.php	—	2022-06-27
URL	http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx	—	2022-06-27
URL	http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.xn--aspx-jb7a	839488ebc08446a096a893996ed23eac321ac166724cd8c5d9092057834d2d79	2022-06-27
URL	https://extic.icu/empower/type.tiff	—	2022-06-27
domain	collectiontelemetrysystem.com	—	2022-06-27
domain	extic.icu	—	2022-06-27
domain	telemetrysystemcollection.com	—	2022-06-27

References (1)

↗ https://blog.cyble.com/2022/06/23/matanbuchus-loader-resurfaces/