Code Emulation and Cybercrime Infrastructure Discovery

May 8, 2024, 5:29 p.m.

Description

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various malicious activities, including the SocGholish malware. The report highlights how exploring the infrastructure behind these threats can reveal interconnected cybercrime operations and enable proactive defense.

Date

Published: May 8, 2024, 11:18 a.m.
Created: May 8, 2024, 11:18 a.m.
Modified: May 8, 2024, 5:29 p.m.

Indicators


Attack Patterns

Matanbuchus

SocGholish

TA577

T1591.001

T1578.004

T1053.005

T1573.002

T1059.005

T1497.001

T1059.003

T1059.001

T1027.005

T1059.007

T1095

T1071.001

T1204.002

T1489

T1129

T1105

T1083

T1055

T1219

T1027