A malware-as-a-service (Maas) dubbedMatanbuchushas been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like othermalware loaderssuch asBazarLoader,Bumblebee, andColibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected