MATA: Multi-platform targeted malware framework
As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users' work environments diversify, adversaries are busy acquiring the TTPs needed to infiltrate those systems. Recently, we reported to our Threat Intelligence Portal customers a similar malware framework that internally we called MATA. The MATA malware framework possesses several components, such as a loader, an orchestrator and plugins. This comprehensive framework is able to target Windows, Linux and macOS operating systems.
The first artefacts we found relating to MATA were used around April 2018. After that, the actor behind this advanced malware framework used it aggressively to infiltrate corporate entities around the world. We identified several victims from our telemetry and figured out the purpose of this malware framework.
Windows version of MATA
The Windows version of MATA consists of several components. According to our telemetry, the actor used a loader malware to load the encrypted next-stage …
IoC
0137f688436c468d43b3e50878ec1a1f
104.232.71.7
1060702fe4e670eda8c0433c5966feee
107.172.197.175
108.170.31.81
111.90.146.105
111.90.148.132
172.81.132.41
172.93.184.62
172.93.201.219
185.62.58.207
192.210.239.122
198.180.198.6
199b4c116ac14964e9646b2f27595156
1e175231206cd7f80de4f6d86399c079
209.90.234.34
216.244.71.233
228998f29864603fd4966cadd0be77fc
23.227.199.53
23.227.199.69
23.254.119.12
2b8ff2a971555390b37f75cb07ae84bd
2cd1f7f17153880fd80eba65b827d344
455997E42E20C8256A494FA5556F7333
582b9801698c0c1614dbbae73c409efb
6145fa69a6e42a0bf6a8f7c12005636b
65632998063ff116417b04b65fdebdfb
67.43.239.146
68.168.123.86
6a066cf853fe51e3398ef773d016a4a8
6cd06403f36ad20a3492060c9dc14d80
71d8b4c4411f7ffa89919a3251e6e5cb
7b068dfbea310962361abf4723332b3a
7d80175ea344b1c849ead7ca5a82ac94
7e4e49d74b59cc9cc1471e33e50475d3
7ead1fbba01a76467d63c4a216cf2902
80c0efb9e129f7f9b05a783df6959812
81f8f0526740b55fe484c42126cd8396
859e7e9a11b37d355955f85b9a305fec
85dcea03016df4880cebee9a70de0c02
8910bdaaa6d3d40e9f60523d3a34f914
8e665562b9e187585a3f32923cc1f889
982bf527b9fe16205fea606d1beed7fa
a64b3278cc8f8b75e3c86b6a1faa6686
a7bda9b5c579254114fab05ec751918c
a93d1d5c2cb9c728fda3a5beaf0a0ffc
a99b7ef095f44cf35453465c64f0c70c
ab09f6a249ca88d1a036eee7a02cdd16
ab2a98d3564c6bf656b8347681ecc2be
b5d85cfaece7da5ed20d8eb2c9fa477c
bea49839390e4f1eb3cb38d0fcaf897e
bf2765175d6fce7069cdb164603bd7dc
ca250f3c7a3098964a89d879333ac7c8
d2f94e178c254669fb9656d5513356d2
da50a7a05abffb806f4a60c461521f41
e3dee2d65512b99a362a1dbf6726ba9c
e58cfbc6e0602681ff1841afadad4cc6
e883bf5fd22eb6237eb84d80bbcf2ac9
ec05817e19039c2f6cc2c021e2ea0016
ed5458de272171feee479c355ab4a9f3
f05437d510287448325bac98a1378de1
f0e87707fd0462162e1aecb6b4a53a89
f1ca9c730c8b5169fe095d385bac77e7
f364b46d8aafff67271d350b8271505a
f50a0cd229b7bf57fcbd67ccfa8a5147
fea3a39f97c00a6c8a589ff48bcc5a8c
http://108.170.31.81:443
http://111.90.146.105:443
http://192.210.239.122:443
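The practical use of a flat indicator list like the one above is to type each entry and match it against proxy and endpoint telemetry. The following Python is an added example, not code from the article or from Kaspersky: it embeds a subset of the indicators listed above (the 32-character hex digests are assumed to be MD5, which the page does not state), classifies them by type, derives host addresses from the URL entries, and scans constructed sample log lines for hits. The log lines, hostnames and file paths in it are made up for illustration.

```python
"""Classify the MATA IoC list by type and match it against log lines.

Added example, not part of the original article. The indicator values
below are copied from the page's IoC section; the log lines are constructed.
"""
import ipaddress
import re

# Subset of the indicators on the page: hex digests (assumed MD5),
# IPv4 addresses and URLs, exactly as listed there.
IOC_LINES = """
0137f688436c468d43b3e50878ec1a1f
104.232.71.7
1060702fe4e670eda8c0433c5966feee
108.170.31.81
455997E42E20C8256A494FA5556F7333
http://108.170.31.81:443
http://192.210.239.122:443
"""

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
URL_RE = re.compile(r"^https?://(?P<host>[^/:]+)(?::(?P<port>\d+))?")


def is_ipv4(text):
    """Strict IPv4 validation via the standard library (rejects 999.1.1.1)."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def classify_iocs(text):
    """Split a flat IoC list into typed sets; digests are lower-cased so that
    mixed-case entries such as 455997E4... still match lower-case telemetry."""
    iocs = {"md5": set(), "ipv4": set(), "url": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MD5_RE.match(line):
            iocs["md5"].add(line.lower())
        elif is_ipv4(line):
            iocs["ipv4"].add(line)
        elif URL_RE.match(line):
            iocs["url"].add(line.rstrip("/"))
            # A URL whose host is a bare address is also worth matching
            # as an address, since not every log source records the URL.
            host = URL_RE.match(line).group("host")
            if is_ipv4(host):
                iocs["ipv4"].add(host)
        else:
            raise ValueError(f"unrecognised indicator: {line}")
    return iocs


# Token patterns for pulling candidate values out of arbitrary log text.
TOKEN_MD5 = re.compile(r"\b[0-9a-fA-F]{32}\b")
TOKEN_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TOKEN_URL = re.compile(r"https?://[^\s\"']+")


def scan_logs(lines, iocs):
    """Return (line_no, kind, indicator) for every indicator found in the logs."""
    hits = []
    for n, line in enumerate(lines, 1):
        for h in TOKEN_MD5.findall(line):
            if h.lower() in iocs["md5"]:
                hits.append((n, "md5", h.lower()))
        for ip in TOKEN_IPV4.findall(line):
            if ip in iocs["ipv4"]:
                hits.append((n, "ipv4", ip))
        for u in TOKEN_URL.findall(line):
            if u.rstrip("/") in iocs["url"]:
                hits.append((n, "url", u.rstrip("/")))
    return hits


# Constructed sample telemetry: two proxy lines and two EDR lines. The last
# line carries the MD5 of an empty file, which is not an indicator.
SAMPLE_LOGS = [
    "2020-07-15T10:02:11Z proxy src=10.0.0.5 dst=104.232.71.7 dport=443 action=allow",
    "2020-07-15T10:03:40Z edr host=WS-17 file=C:\\Users\\Public\\svc.exe md5=455997e42e20c8256a494fa5556f7333",
    "2020-07-15T10:04:02Z proxy src=10.0.0.9 url=http://108.170.31.81:443 action=allow",
    "2020-07-15T10:05:55Z edr host=WS-03 file=notepad.exe md5=d41d8cd98f00b204e9800998ecf8427e",
]

if __name__ == "__main__":
    for line_no, kind, value in scan_logs(SAMPLE_LOGS, classify_iocs(IOC_LINES)):
        print(f"line {line_no}: {kind} indicator {value}")
```

Matching on the URL's host as well as on the full URL matters in practice: a firewall or NetFlow record will show only `108.170.31.81:443`, never the URL, so an address-only match is needed to catch the same connection from that source.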