
Code Emulation and Cybercrime Infrastructure Discovery

May 8, 2024, 5:29 p.m.

Description

This report details the analysis of a malspam campaign that delivered the Matanbuchus loader; the analysis recovered the malware's encrypted strings by emulating its decryption routine rather than running the sample. The investigation then pivoted on the decrypted infrastructure to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts a range of malicious activity, including the SocGholish malware. The report highlights how exploring the infrastructure behind one threat can reveal interconnected cybercrime operations and enable proactive defense.

Date

Published: May 8, 2024, 11:18 a.m.

Created: May 8, 2024, 11:18 a.m.

Modified: May 8, 2024, 5:29 p.m.

Indicators

91.226.31.34

5.252.177.213

37.128.207.92

193.143.1.54

193.143.1.207

193.143.1.198

193.143.1.197

193.143.1.196

193.141.1.196

185.11.61.172

185.11.61.171

185.11.61.169

162.33.177.118

128.254.207.82

147.45.47.87

185.11.61.170

166.1.173.27

https://muagol.com/useraccount.aspx

https://988skins.com/admin/view/stylesheet/50k.png

http://muagol.com/Traffic/link/posting/index.php

http://marvin-occentus.net/statistic/js/stat.js

http://iseberkis.com:62478/medical/plan/oslo/posting/in

http://itter.com/I

http://ec.com/bl

http://988.skins.com/admin/view/stylesheet/50k.png

venice.sunproject.dev

turin.sunproject.dev

trademark.iglesiaelarca.com

rome.sunproject.dev

research.openanalysis.net

proton.net.ru

florence.sunproject.dev

fancy.justbartanews.com

bologna.sunproject.dev

988.skins.com

vsofm.com

vlanj.org

unitele.ru

torontoclub.vip

sweetapp.page

sunproject.dev

speedprocanada.com

sdic.org

reykh.icu

redviking.com

presswire.com

poolsbydesignaz.com

pestpatrol1.com

muagol.com

mindsmatterphilly.org

mavrin-occentus.net

mannmortgage.com

locustfamilydentistry.com

kalaswire.com

itter.com

iseberkis.com

intervention911.com

inkedin.co

huntersinternational.org

gatewaycr.org

gulappa.com

gammaprojec.dev

galimidilaw.com

filesnatchcloud.pro

extic.icu

dumingas.com

designedlearning.com

dems.ag

democraticags.org

breakpointbooking.com

binder-sa.com

barbarajking.com

atomwise.com

aitcaid.com

988skins.com

treasurybanks.org

Attack Patterns

Matanbuchus

SocGholish

TA577

T1591.001

T1578.004

T1053.005

T1573.002

T1059.005

T1497.001

T1059.003

T1059.001

T1027.005

T1059.007

T1095

T1071.001

T1204.002

T1489

T1129

T1105

T1083

T1055

T1219

T1027