Unfortunately for everyone, a new threat called Matanbuchus has appeared. It is a loader offered as malware-as-a-service (MaaS), created by the BelialDemon group, a cybercrime actor who references demonic themes in software and usernames. It was discovered by cybersecurity experts at Palo Alto Networks Unit 42. The malicious code was announced in February 2021 at a starting rental price of $2,500 and was actually released through posts giving other criminals access.
Unfortunately, this new threat has already affected several organizations in the US and the EU, including a large university and high school in the United States, as well as a high-tech organization in Belgium. Matanbuchus has the following capabilities:
▸ Running an .exe or .dll file in memory
▸ Leveraging schtasks.exe to add or modify task schedules
▸ Launching custom PowerShell commands
▸ Using a separate executable to load the DLL if the attacker has no other way to do it
This threat seems to be spreading through phishing, so awareness is important in order not to fall for these malicious deceptions. At the moment, the best thing one can apply against this threat is a good next-generation firewall, which helps not only against this threat but against the many others found on the Internet.
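The capabilities listed above also leave traces in endpoint process-creation logs. The following Python is an added example, not code from the original article or from Unit 42: it flags schtasks.exe task creation or modification and notes when the task action runs PowerShell or references a DLL. The event fields, the sample events and the `mgmt-agent.exe` allowlist entry are constructed assumptions.

```python
import re

TOKEN_RE = re.compile(r'"[^"]*"|\S+')   # quoted strings or bare words
WATCHED = {"/create", "/change"}        # schtasks switches that add or modify a task
EXPECTED_PARENTS = {"mgmt-agent.exe"}   # hypothetical allowlist; replace with your own

# Constructed process-creation events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": "mgmt-agent.exe",
     "cmdline": r'schtasks.exe /Query /FO LIST'},
    {"host": "ws-02", "parent": "winword.exe",
     "cmdline": r'schtasks.exe /Create /SC MINUTE /MO 5 /TN "ExampleTask" '
                r'/TR "powershell.exe -File C:\Users\Public\example.ps1"'},
    {"host": "ws-03", "parent": "mgmt-agent.exe",
     "cmdline": r'C:\Windows\System32\schtasks.exe /Change /TN "ExampleUpdater" '
                r'/TR "C:\ProgramData\example\helper.exe C:\ProgramData\example\module.dll"'},
    {"host": "ws-04", "parent": "explorer.exe",
     "cmdline": r'notepad.exe /create'},
]

def parse_schtasks(cmdline):
    """Return action, task name and task command for a create/change, else None."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    image = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower() if tokens else ""
    if image not in ("schtasks", "schtasks.exe"):
        return None
    lowered = [t.lower() for t in tokens]
    action = next((t for t in lowered[1:] if t in WATCHED), None)
    if action is None:
        return None
    def value_of(switch):  # token that follows a switch such as /TN or /TR
        idx = lowered.index(switch) if switch in lowered[:-1] else -1
        return tokens[idx + 1] if idx >= 0 else None
    return {"action": action[1:], "task": value_of("/tn"), "run": value_of("/tr")}

def triage(events):
    """Flag task creation/modification and record why each hit deserves review."""
    findings = []
    for ev in events:
        hit = parse_schtasks(ev["cmdline"])
        if hit is None:
            continue
        run = (hit["run"] or "").lower()
        checks = [("powershell" in run, "action runs PowerShell"),
                  (".dll" in run, "action references a DLL"),
                  (ev["parent"].lower() not in EXPECTED_PARENTS,
                   "unexpected parent " + ev["parent"])]
        reasons = ["task " + hit["action"]] + [why for cond, why in checks if cond]
        findings.append({"host": ev["host"], "task": hit["task"], "reasons": reasons})
    return findings
```

Each finding is a lead for review rather than a verdict, since legitimate software also creates scheduled tasks.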