Protected: Matanbuchus – Malware Analysis
In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed “FortiSync Quasar,” revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.
VMware ESXi #Ransomware: What is going on? What does the following code mean? D6C324719AD0AA50A54E4F8DED8E8220D8698DD67B218B5429466C40E7F72657C015D86C7E4A In the last few hours, several sources have reported massive ransomware-type activity against VMware ESXi servers exposed on a public network. The activity currently appears to be conducted by at least two different criminal groups. How? Both groups are exploiting a …
In recent weeks, consistent with previously documented activity (background), we have observed a general increase in compromise activity across monitored environments. Criminal groups deploy malware for multiple objectives: ransomware execution, sensitive data exfiltration, and credential harvesting. Qakbot, documented in detail under MITRE ATT&CK S0650, is consistently used for all three. Unlike previous campaigns, …
Report on the offensive cyber operations conducted by Russia against Ukrainian infrastructure during the opening phase of the conflict.
Technical analysis of the REvil ransomware sample dropped through the Kaseya VSA supply-chain compromise: code structure, encryption logic, and supply-chain risk lessons.
Convergence of ransomware and supply-chain compromise: amplification mechanics, downstream propagation and defensive priorities for vendors and customers alike.
Avaddon ransomware operation closure with public release of decryption keys: recovery scope for past victims and post-shutdown affiliate movement signals.
Ransomware ecosystem reorganisation following law-enforcement pressure: rebrandings, splinter groups, affiliate movement and intelligence priorities for defenders.