Common Information
Type | Value |
---|---|
Value | ANDROMEDA - S1074 |
Category | Tool |
Type | Mitre-Malware |
Misp Type | Cluster |
Description | [ANDROMEDA](https://attack.mitre.org/software/S1074) is commodity malware that was widespread in the early 2010s and continues to be observed in infections across a wide variety of industries. During the 2022 [C0026](https://attack.mitre.org/campaigns/C0026) campaign, threat actors re-registered expired [ANDROMEDA](https://attack.mitre.org/software/S1074) C2 domains to spread malware to select targets in Ukraine.(Citation: Mandiant Suspected Turla Campaign February 2023) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2015-07-03 | 6 | Slave, Banatrix and ransomware | ||
Details | Website | 2015-06-19 | 3 | CVE-2015-3090 (Flash up to 17.0.0.169) and Exploit Kits | ||
Details | Website | 2015-04-08 | 11 | A flawed ransomware encryptor | ||
Details | Website | 2015-04-01 | 80 | Microsoft Word Intruder & MWISTAT \| Microsoft Word Exploit Kit | ||
Details | Website | 2015-02-26 | 17 | A dive into the wake of the RIG EK leak | ||
Details | Website | 2014-12-18 | 26 | Chthonic: a new modification of ZeuS | ||
Details | Website | 2014-10-24 | 15 | TorLocker | ||
Details | Website | 2014-10-09 | 3 | Andromeda - Vulnerabilities and Enumeration | ||
Details | Website | 2014-09-29 | 18 | Angler EK : now capable of "fileless" infection (memory malware) | ||
Details | Website | 2014-08-22 | 0 | Virus Bulletin :: VB2014 preview: Duping the machine - malware strategies, post sandbox detection | ||
Details | Website | 2014-07-15 | 12 | SkyShare : Evolution Mining Botnet System | ||
Details | Website | 2014-07-15 | 24 | From Alureon/Wowliks to Poweliks botnet (distribution in Affiliate mode) | ||
Details | Website | 2014-07-08 | 63 | Disk57.com, Cutwail, and Tearing Down Offending Infrastructure | ||
Details | Website | 2014-07-08 | 68 | Threat Spotlight: "A String of Paerls", Part 2, Deep Dive | ||
Details | Website | 2014-06-25 | 12 | E-mail trojan attack on Booking.com and online auction website Allegro.pl clients | ||
Details | Website | 2014-06-19 | 9 | Neutrino Bot (aka MS:Win32/Kasidet) | ||
Details | Website | 2014-06-07 | 43 | CVE-2014-0515 (Flash 13.0.0.182 and earlier) integrating Exploit Kits | ||
Details | Website | 2014-05-29 | 8 | A look on the VBKlip “battlefield” | ||
Details | Website | 2014-05-22 | 0 | New Trojan in Town: Meet the Zberp Trojan | ||
Details | Website | 2014-05-22 | 9 | Blackshades RAT leads to 97 Arrests in 16 countries | ||
Details | Website | 2014-04-07 | 2 | Honeynet Project Workshop CrackMe Solution | ||
Details | Website | 2014-02-05 | 4 | Remediate VBS malware | ||
Details | Website | 2013-09-01 | 29 | Meet Madness Pro or Few days rise of a Ddos Botnet | ||
Details | Website | 2013-08-23 | 0 | Takeover of Domain Silver, Inc .pl domains – updated with sinkhole statistics | ||
Details | Website | 2013-02-27 | 7 | The strange case of Gamarue propagation - Microsoft Security Blog |