From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up
Essential information
- Published: 18/07/2025 09:01
- Modified: 18/07/2025 09:21
- Tags: 2025-07-18 maas matanbuchus microsoft teams ransomware
- Related entities: 11 observables, 11 techniques (MITRE), 1 malware
Description
Matanbuchus 3.0, a malware loader available as Malware-as-a-Service, has evolved with significant updates. It now employs sophisticated techniques including improved communication protocols, in-memory stealth capabilities, enhanced obfuscation, and support for WQL queries, CMD, and PowerShell reverse shells. The loader collects detailed system data, including information on EDR security controls, to tailor subsequent attacks. It can execute various commands through regsvr32, rundll32, msiexec, or process hollowing. The malware establishes persistence through scheduled tasks and registry modifications. Recent campaigns have targeted victims through external Microsoft Teams calls impersonating IT helpdesks, leading to potential ransomware compromises.