logo
logo
Community
Pricing
Sign in
menu-h
  1. Computer and Network Security/
  2. Cybersecurity

Everything You Need to Know About MATA Malicious Framework

avatar
Nilesh Parashar
Everything You Need to Know About MATA Malicious Framework

The Windows version of MATA consists of several components. According to Cyber security courses online in telemetry, the actor loaded the encrypted Next stage payload using loader malware. I don't know if the loaded payload is Orchestrator malware, but almost all victims have loaders and orchestrators on the same machine.

Loader

This loader takes a hard-coded hexadecimal string, converts it to binary, and AES decrypts it to get the path to the user data file. Each loader has a hard-coded path to load the encrypted payload. The user data file is then decrypted and loaded with AES in the cyber security pg course.  The loader malware found in one of the compromised victims revealed that the parent process running the loader malware was the process "C: WindowsSystem32wbemWmiPrvSE.exe". The WmiPrvSE.exe process is a "WMI provider host process", which usually means that an actor ran this loader malware from a remote host and moved it sideways. Therefore, suppose an actor uses this loader to compromise an additional host on the same network.

Orchestrator and Plugin

An orchestrator malware was found in the lsass.exe process on the victim's computer. This orchestrator malware reads encrypted configuration data from a registry key and decrypts it using the AES algorithm. If there is no registry value, the malware uses hard-coded authentication information. Orchestrators can load 15 plug-ins at the same time. There are three ways to load it.

  • Download the plug-in from the specified HTTP or HTTPS server
  • Download the AES encryption plug-in file from the specified disk path
  • Load the plug-in file from the current MataNet connection

 Malware author Calls the infrastructure MataNet in top cyber security courses online. For secret communication, use the TLS 1.2 connection using the open-source library "OpenSSL 1.1.0f" which is statically linked in this module. In addition, traffic between MataNet nodes is encrypted with a random RC4 session key. MataNet implements both client mode and server mode. In server mode, the certificate file "c_2910.cls" and the private key file "k_3872.cls" are loaded for TLS encryption. However, this mode is not used. The MataNet client establishes regular connections with  C2. Each message has a 12-byte header,  the first DWORD is the message ID and the rest is auxiliary data. The main function of the orchestrator is to load each plugin file and run it in memory. Each DLL file type plugin provides an interface to Orchestrator and provides a wide range of features that can be used to control an infected computer. The MATA_Plug_WebProxy plugin has an interesting string "Proxyagent: mattdotnet". This is a reference to Matt McKnight's open source project. However, there are some differences. Matt's projects are written in C # instead of C ++. For example, MATA proxies are significantly simpler because there is no cache or SSL support. The creator of MATA may have found and used the source code for an early version of Matt's proxy server. It seems that the malware author rewrote the code from C # to C ++, but its footprint hasn't changed.

Non-Windows versions of the MATA

MATA frameworks are intended for Linux and macOS systems as well as Windows systems.

Linux Version

During the investigation, we also found a package containing various MATA files and numerous cyber attack tools. In this case, the package was found on a legitimate distribution site. This may indicate that the malware was distributed this way. It included the Windows MATA Orchestrator, a Linux folder listing tool, a script for using the Atlassian Confluence Server (CVE20193396), a legitimate Socat tool, and a Linux version of  MATA Orchestrator bundled with numerous plugins. China-based security provider Netlab has also published a very detailed blog about malware. The module is designed to run as a daemon. At startup, the module reads the PID from "/var/run/init.pid" to see if it is already running and the contents of the  file "/ proc /% pid% / cmdline" are equal to "/ flash" Check if. / bin "is / installed". Note that / flash / bin / mountd is an unusual path for a standard Linux desktop or server installation. This path indicates that MATA's Linux target is a network device without a hard drive, such as a router, firewall, or x86_64-based IoT device. The module can be run on the "/ pro" switch to skip the "init.pid" check. AES-encrypted configurations are stored in the "$ HOME / .memcache" file. The behaviour of this module corresponds to the behaviour of the Windows MATA Orchestrator above. The Linux version of MATA has a log send plugin. This plugin has interesting new features, a "scan" command that attempts to establish a TCP connection on ports 8291 (used to manage MikroTik RouterOS devices) and 8292 ("Bloomberg Professional" software), and a random IP address that belongs to a private address. Implements a random establishment. network. All successful connections are logged and sent to  C2. These protocols could be used by an attacker to select a target.  macOS version  I found another MATA malware target for macOS that was uploaded to VirusTotal on April 8, 2020. The malicious Apple Disk Image file is a Trojanized macOS application based on an open-source two-factor authentication application called MinaOTP.

collect
0
avatar
Nilesh Parashar
Related Articles
What is Encapsulating Security Payload (ESP)?
Nishit Agarwal 2022-02-17
img
Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of protocols that encrypt and authenticate the packets of facts among computer systems the usage of a Virtual Private Network (VPN). An Encapsulating Security Payload is ordinarily designed to offer encryption, authentication, and safety offerings for the records or payload that is being transferred in an IP community. The additives of an ESP header consist of a series number, payload records, padding, subsequent header, an integrity test, and sequenced numbers. ” Encapsulating Security Payload (ESP) is a protocol withinside the encryption Protocol Security (IPsec) own circle of relatives that encrypts and authenticates facts packets despatched among computer systems through a digital non-public network (VPN). The Encapsulating Security Payload (ESP) protocol provides:Data confidentialityData foundation authenticationData integrityReplay protectionESP formatSecurity parameter index (SPI)The SPI is a 32-bit fee that, while blended with the packet’s vacation spot IP deal with and cyber terrorism protocol, uniquely identifies Security Association (SA).
collect
0
What is a Checksum?
Ishaan Chaudhary 2022-04-11
img
This checksum is created using a checksum function or checksum algorithm. A checksum function or checksum algorithm is the name given to the technique that creates this checksum. If the calculated checksum for a current data input matches the stored value of an earlier computed checksum, there is a very high likelihood that data has not been mistakenly changed or distorted. Fuzzy Checksum:The fuzzy checksum spam detection algorithm was created utilizing data from several ISPs (ISPs). Instead, "fuzzy checksum" strips out the body content before computing a checksum.
collect
0
KEY ELEMENTS OF AN EFFECTIVE CYBERSECURITY PLAN
Jacob Cole 2020-08-27
img

Analysis of key elements of an effective cybersecurity strategy to help security managers avoid or minimize the effects of an infringement.

Let’s have a look.Read Full Article: https://bit.ly/3lkwX9b

collect
0
How to Prevent Against Pharming?
Nilesh Parashar 2022-05-09
img
Modern cybercrime known as pharming redirects victims to bogus websites in order to obtain their personal information. Cybercriminals use DNS server vulnerabilities in a pharming attack to get access to a user's personal information. Both pharming malware and DNS poisoning may be used to do this. Avoid links and attachments from unknown senders:Watch out for malware that allows pharming since you can't defend yourself against DNS poisoning. There are many cities in India which offer different cyber security courses like the cyber security course in Hyderabad.
collect
0
Detecting a Phishing Email: 10 Things To Watch
Mayank Deep 2022-01-18
img
The infographic below from LogRhythm provides a fast top 10 list that you can use to educate yourself and your team on how to recognize a phishing email. In an email, legitimate businesses are unlikely to ask for personal information for authorization. How To Spot a Phishing Email:Scammers will send you emails or SMS messages asking for personal information. To deceive you into clicking on a link or opening a file, phishing emails and SMS messages frequently create a story. ConclusionScammers' techniques evolve all the time, however there are a few telling signs that can help you detect a phishing email or text.
collect
0
Ethical Issues In Software Engineering: 5 Examples
Viraj Yadav 2022-03-15
img
Although software developers are typically buried in the shadows of corporations, their decisions may have a huge impact on the globe. The firm should be aware of social and ethical issues in software development. In addition to security, Data security might be enhanced. Choosing software ethics Develop software with ethics. Using data access controls and logging Someone will benefit.
collect
0
WHO TO FOLLOW
MORE FROM AUTHOR
How to Conduct a Twitter Audit?
Nilesh Parashar 2022-06-06
img
collect
0
What is Geofencing Marketing?
Nilesh Parashar 2022-06-04
img
collect
0
What is a Scareware?
Nilesh Parashar 2022-06-03
img
collect
0
Top Ten Anti-Spam Software to Use
Nilesh Parashar 2022-06-02
collect
0
guide
Zupyak is the world’s largest content marketing community, with over 400 000 members and 3 million articles. Explore and get your content discovered.
Read more
WHO TO FOLLOW
Press enter to search  enter
articles
Protecting Your Devices from Cybercrime
Gadgetgram 2021-09-06
img

Everyone can be a potential victim when it comes to a cybercrime.

No matter how much you think that a hacker will leave you alone and not care about you, it is always a potential hazard to leave your devices unprotected.The best thing that you can do is find the right steps to keep your devices protected from cybercrime.

A full-service security suite will help to keep them out.

These tools will provide you with some good protection against existing and emerging malware, which can include viruses and ransomware too.This security suite is going to help you to keep everything on the computer safe and secure.

Make sure that you pick a good option that has the best reviews and update it as often as possible to keep your computer safe.Pick the Right PasswordsStrong passwords can be some of the best ways to stay protected online.

Pick a combination of at least 10 letters, numbers, and symbols.

collect
0
Best Practices in Breach Identification, Investigation, and Notification
stephen 2021-06-15
img

Data Breach is one of the worst nightmares that organizations are facing these days.

Breaches can be a very costly event, especially if the Data Breach incidents are of a larger scale, affecting millions of customers.

It said that on average breach can cost an organization $4 million, or approximately $200 per record breached especially when considering the lost business reputation, fines, and litigation costs, lost shareholder value, etc.With this, it is clear that breaches can affect an organization regardless of the size or perceived security measures established.

While businesses are taking all the necessary measures to prevent a security breach incident, it is now a known fact that even the most secure organization is not 100% immune to Data Breaches.

A business’s response to a data breach incident is crucial and makes all the difference.

Matter of fact, how organizations effectively detect, investigate and notify affected parties largely affect the quantum penalties and legal action.

collect
0
Cybersecurity Tips to Consider When Returning to the Office
pamten cybersecurity 2020-08-31
img

"Many businesses are re-opening their offices, here are some cybersecurity tips for organizations to consider as they navigate the transition of returning to the office.

collect
0
Become a Cybersecurity Expert - Magnovatech
Magnova Engineers 2021-12-10
img
Cybersecurity in the 21st century is ever-evolving. Is your skillset up to date on this technology? Learn how to be Cybersecurity Certified for a career of a lifetime from our Magnovatech in Hyderabad India.
collect
0
Understanding the Benefits of Cybersecurity in the UAE
Carol Fonseca 2023-04-12
img
5 of 2012 (The Cyber ​​Crimes Law) is designed to protect the UAE's citizens and organizations from cybercrime and other forms of digital fraud. To combat this trend, the UAE has implemented several measures to reduce the risk of cybercrime, including the National Cybersecurity Strategy, which outlines the government's goals for the UAE and its citizens. The UAE recently launched the 'National Cyber Security System', consisting of four sub-systems: the National Information System, the Cybersecurity Strategy System, the Cybersecurity Risk Management System, and the Cybersecurity Emergency Response System. The UAE also has several initiatives to encourage businesses and government organizations to adopt better cybersecurity practices. The UAE is a clear example of how proactive cybersecurity measures can be used to protect a nation and its citizens.
collect
0
Do You Know Facts + Statistics Identity Theft and Cybercrime
DIRO Original 2021-07-29
img

Are you really aware of identity theft and cybercrime facts?

If not, here are the identity theft and cybercrime facts and statistics.Learn more: https://diro.io/identity-theft-and-cybercrime-key-statistics-facts/

collect
0
Why is it risky to use public wifi?
A2Z Defender 2021-01-12
img

It’s a Sunday afternoon, you are hanging with your friends at a cafe, and catching the free wifi to complete the task that you couldn’t quite get to during your busy week.

What is public wifi?Public wifi is available in high-traffic areas, such as airports, shopping malls, cafes, hotels, and resorts.

While business owners may believe they are providing an engaging experience to their customers by offering free wifi, an attacker takes advantage of this free service by interesting himself between the victim’s communication and hotspot to steal and modify the data.

This attack exploits the real-time processing of transactions, conversation, and personal information.

When you connect to the public wifi at the coffee shop, don’t do your online banking or anything sensitive.

Attackers can easily exploit this weakness by writing a code to target the specific vulnerability and deliver the malware onto your computer.

collect
0
MEA Cybersecurity Market Size, Growth Drivers, Opportunities And Forecast Till 2023
marketsandmarkets 2023-01-03
img
The report “MEA Cybersecurity Market by Solution (IAM, Encryption, DLP, UTM, Antivirus/Antimalware, Firewall, IDS/IPS, Disaster Recovery), Service (Professional and Managed), Security Type, Deployment Mode, Organization Size, Vertical, and Country — Forecast to 2023”, The MEA cybersecurity market size is expected to grow from USD 15. The increasing demand among Small and Medium-sized Enterprises (SMEs) operating across industry verticals and regions would drive the market growth during the forecast period. id=190673806Application security segment to grow at the highest CAGR during the forecast periodThe application security segment is expected to grow at the highest CAGR during the forecast period. The adoption of cybersecurity solutions provides advanced protection from threats, without affecting operational efficiency. About MarketsandMarkets™MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies’ revenues.
collect
0
How to Download the McAfee Activate Antivirus
Billy Mark 2019-06-08
img
With the rapid increase in cybercrime rate, the necessity of reliable and trusted antivirus increased altogether. Nowadays, McAfee provides a complete cybersecurity suite which protects device from viruse,malware, cyber attacks and  cybersecurity threats.Learn how to download,install, and activate mcafee.com/activate. For activating it, one may need to find 25 digit McAfee Activate activation key code. Well, the 25 digit activation code is available on the back side of the McAfee retail card. You just need to scratch on the back of the retail card to see the activation code. Get more information regarding McAfee visit our official website mcafee.com/activate.
collect
0
Cyberharassment – What You Need to Know
Fastest VPN 2020-09-02
img

Cyberharassment is a subject that must be talked about at every turn, due to the severity of some offenses and the effects it can have on an individual.

The digital world is crawling with bullies, sexual predators, frauds that the general public must be aware of to better protect themselves online.

It’s not just the tools we use, but the practices we adopt can have a lasting impact on keeping personal information safe.The text above is a summary, you can read the full article here

collect
0
Big increase in cyber attacks during the covid-19 Pandemic
Mahendra Patel 2021-04-01
img

Cybersecurity challenges are rising with the neck-breaking speed along with the expansion over the internet.

Cybercriminals are breaching the computer systems and networks of individuals, businesses and organizations.Read more : Big increase in cyber attacks during the covid-19 Pandemic

collect
0
Endpoint Detection and Response (EDR)
proaxis solutions 2022-08-01
img
Any data or security breach are promptly investigated with the appropriate tools and technologies and relevant expertise. Our team also work upon conducting routine behavioural analysis for threats on all the endpoint devices located within the organization. The core theme of cybersecurity is to safeguard all your digital assets from any cyber-attacks / data breaches / unauthorized access or hacking. A dedicated cybersecurity team would have analysts and technical with multiple domain proficiency. The Hindu Group, Bangalore, Karnataka - 560001Phone No : +91 9108968720Mail ID : info@proaxissolutions.
collect
0
Is a Cybersecurity Certification worth it?
Careerera 2021-08-11
img

If you are interested in the field of Cybersecurity and want to become a Cybersecurity professional, Then do not think twice, about a cybersecurity certification.

it's completely worth it with so many benefits.

collect
0
Cybersecurity survival tips for small businesses in 2022
Techxmedia 2022-04-06
img
André Lameiras, security writer at ESET, explains how businesses without the resources and technological expertise of large organizations can defend themselves against cybercriminals. Running and growing a business is hard work even in good times, but times of crisis bring a fresh crop of challenges. Two years ago, many lives and livelihoods were suddenly left hanging in the balance with nary a warning. The risk is acute for government agencies and multinational corporations all the way to perhaps the most vulnerable – small and medium-sized businesses (SMBs). Devoid of the resources of their larger brethren, small companies may find it particularly difficult to defend themselves against cybercriminals or to bounce back from a successful attack.
collect
0
Protecting Your Devices from Cybercrime
Gadgetgram 2021-09-06
img

Everyone can be a potential victim when it comes to a cybercrime.

No matter how much you think that a hacker will leave you alone and not care about you, it is always a potential hazard to leave your devices unprotected.The best thing that you can do is find the right steps to keep your devices protected from cybercrime.

A full-service security suite will help to keep them out.

These tools will provide you with some good protection against existing and emerging malware, which can include viruses and ransomware too.This security suite is going to help you to keep everything on the computer safe and secure.

Make sure that you pick a good option that has the best reviews and update it as often as possible to keep your computer safe.Pick the Right PasswordsStrong passwords can be some of the best ways to stay protected online.

Pick a combination of at least 10 letters, numbers, and symbols.

How to Download the McAfee Activate Antivirus
Billy Mark 2019-06-08
img
With the rapid increase in cybercrime rate, the necessity of reliable and trusted antivirus increased altogether. Nowadays, McAfee provides a complete cybersecurity suite which protects device from viruse,malware, cyber attacks and  cybersecurity threats.Learn how to download,install, and activate mcafee.com/activate. For activating it, one may need to find 25 digit McAfee Activate activation key code. Well, the 25 digit activation code is available on the back side of the McAfee retail card. You just need to scratch on the back of the retail card to see the activation code. Get more information regarding McAfee visit our official website mcafee.com/activate.
Best Practices in Breach Identification, Investigation, and Notification
stephen 2021-06-15
img

Data Breach is one of the worst nightmares that organizations are facing these days.

Breaches can be a very costly event, especially if the Data Breach incidents are of a larger scale, affecting millions of customers.

It said that on average breach can cost an organization $4 million, or approximately $200 per record breached especially when considering the lost business reputation, fines, and litigation costs, lost shareholder value, etc.With this, it is clear that breaches can affect an organization regardless of the size or perceived security measures established.

While businesses are taking all the necessary measures to prevent a security breach incident, it is now a known fact that even the most secure organization is not 100% immune to Data Breaches.

A business’s response to a data breach incident is crucial and makes all the difference.

Matter of fact, how organizations effectively detect, investigate and notify affected parties largely affect the quantum penalties and legal action.

Cyberharassment – What You Need to Know
Fastest VPN 2020-09-02
img

Cyberharassment is a subject that must be talked about at every turn, due to the severity of some offenses and the effects it can have on an individual.

The digital world is crawling with bullies, sexual predators, frauds that the general public must be aware of to better protect themselves online.

It’s not just the tools we use, but the practices we adopt can have a lasting impact on keeping personal information safe.The text above is a summary, you can read the full article here

Cybersecurity Tips to Consider When Returning to the Office
pamten cybersecurity 2020-08-31
img

"Many businesses are re-opening their offices, here are some cybersecurity tips for organizations to consider as they navigate the transition of returning to the office.

Big increase in cyber attacks during the covid-19 Pandemic
Mahendra Patel 2021-04-01
img

Cybersecurity challenges are rising with the neck-breaking speed along with the expansion over the internet.

Cybercriminals are breaching the computer systems and networks of individuals, businesses and organizations.Read more : Big increase in cyber attacks during the covid-19 Pandemic

Become a Cybersecurity Expert - Magnovatech
Magnova Engineers 2021-12-10
img
Cybersecurity in the 21st century is ever-evolving. Is your skillset up to date on this technology? Learn how to be Cybersecurity Certified for a career of a lifetime from our Magnovatech in Hyderabad India.
Understanding the Benefits of Cybersecurity in the UAE
Carol Fonseca 2023-04-12
img
5 of 2012 (The Cyber ​​Crimes Law) is designed to protect the UAE's citizens and organizations from cybercrime and other forms of digital fraud. To combat this trend, the UAE has implemented several measures to reduce the risk of cybercrime, including the National Cybersecurity Strategy, which outlines the government's goals for the UAE and its citizens. The UAE recently launched the 'National Cyber Security System', consisting of four sub-systems: the National Information System, the Cybersecurity Strategy System, the Cybersecurity Risk Management System, and the Cybersecurity Emergency Response System. The UAE also has several initiatives to encourage businesses and government organizations to adopt better cybersecurity practices. The UAE is a clear example of how proactive cybersecurity measures can be used to protect a nation and its citizens.
Endpoint Detection and Response (EDR)
proaxis solutions 2022-08-01
img
Any data or security breach are promptly investigated with the appropriate tools and technologies and relevant expertise. Our team also work upon conducting routine behavioural analysis for threats on all the endpoint devices located within the organization. The core theme of cybersecurity is to safeguard all your digital assets from any cyber-attacks / data breaches / unauthorized access or hacking. A dedicated cybersecurity team would have analysts and technical with multiple domain proficiency. The Hindu Group, Bangalore, Karnataka - 560001Phone No : +91 9108968720Mail ID : info@proaxissolutions.
Do You Know Facts + Statistics Identity Theft and Cybercrime
DIRO Original 2021-07-29
img

Are you really aware of identity theft and cybercrime facts?

If not, here are the identity theft and cybercrime facts and statistics.Learn more: https://diro.io/identity-theft-and-cybercrime-key-statistics-facts/

Is a Cybersecurity Certification worth it?
Careerera 2021-08-11
img

If you are interested in the field of Cybersecurity and want to become a Cybersecurity professional, Then do not think twice, about a cybersecurity certification.

it's completely worth it with so many benefits.

Why is it risky to use public wifi?
A2Z Defender 2021-01-12
img

It’s a Sunday afternoon, you are hanging with your friends at a cafe, and catching the free wifi to complete the task that you couldn’t quite get to during your busy week.

What is public wifi?Public wifi is available in high-traffic areas, such as airports, shopping malls, cafes, hotels, and resorts.

While business owners may believe they are providing an engaging experience to their customers by offering free wifi, an attacker takes advantage of this free service by interesting himself between the victim’s communication and hotspot to steal and modify the data.

This attack exploits the real-time processing of transactions, conversation, and personal information.

When you connect to the public wifi at the coffee shop, don’t do your online banking or anything sensitive.

Attackers can easily exploit this weakness by writing a code to target the specific vulnerability and deliver the malware onto your computer.

Cybersecurity survival tips for small businesses in 2022
Techxmedia 2022-04-06
img
André Lameiras, security writer at ESET, explains how businesses without the resources and technological expertise of large organizations can defend themselves against cybercriminals. Running and growing a business is hard work even in good times, but times of crisis bring a fresh crop of challenges. Two years ago, many lives and livelihoods were suddenly left hanging in the balance with nary a warning. The risk is acute for government agencies and multinational corporations all the way to perhaps the most vulnerable – small and medium-sized businesses (SMBs). Devoid of the resources of their larger brethren, small companies may find it particularly difficult to defend themselves against cybercriminals or to bounce back from a successful attack.
MEA Cybersecurity Market Size, Growth Drivers, Opportunities And Forecast Till 2023
marketsandmarkets 2023-01-03
img
The report “MEA Cybersecurity Market by Solution (IAM, Encryption, DLP, UTM, Antivirus/Antimalware, Firewall, IDS/IPS, Disaster Recovery), Service (Professional and Managed), Security Type, Deployment Mode, Organization Size, Vertical, and Country — Forecast to 2023”, The MEA cybersecurity market size is expected to grow from USD 15. The increasing demand among Small and Medium-sized Enterprises (SMEs) operating across industry verticals and regions would drive the market growth during the forecast period. id=190673806Application security segment to grow at the highest CAGR during the forecast periodThe application security segment is expected to grow at the highest CAGR during the forecast period. The adoption of cybersecurity solutions provides advanced protection from threats, without affecting operational efficiency. About MarketsandMarkets™MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies’ revenues.