OTX Bot<p>From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up</p><p>Matanbuchus 3.0, a malware loader available as Malware-as-a-Service, has evolved with significant updates. It now employs sophisticated techniques including improved communication protocols, in-memory stealth capabilities, enhanced obfuscation, and support for WQL queries, CMD, and PowerShell reverse shells. The loader collects detailed system data, including information on EDR security controls, to tailor subsequent attacks. It can execute various commands through regsvr32, rundll32, msiexec, or process hollowing. The malware establishes persistence through scheduled tasks and registry modifications. Recent campaigns have targeted victims through external Microsoft Teams calls impersonating IT helpdesks, leading to potential ransomware compromises.</p><p>Pulse ID: 687a0d5dc93942c183eddbf5<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/687a0d5dc93942c183eddbf5" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/687a0</span><span class="invisible">d5dc93942c183eddbf5</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-18 09:01:17</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/EDR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EDR</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/MaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaaS</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/MalwareAsAService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MalwareAsAService</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/MicrosoftTeams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftTeams</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerShell</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>