Gamarue/Andromeda Comeback
Common Information
Type Value
UUID 9e6b1803-60dd-4eac-9c57-31f5eedca6c1
Fingerprint fee31999aca62290
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 19, 2017, 5:36 p.m.
Added to db Jan. 18, 2023, 7:56 p.m.
Last updated Nov. 18, 2024, 1:25 p.m.
Headline Deriving Cyber Threat Intelligence and Driving Threat Hunting
Title Gamarue/Andromeda Comeback
Detected Hints/Tags/Attributes 51/1/14
Attributes
Type    #Events  CTI  Value
Domain  53            blog.avast.com
Domain  604           www.trendmicro.com
File    1021          rundll32.exe
File    270           msiexec.exe
File    1             c:\programdata\mszor.exe
File    1             ms%s.exe
File    2             cdosys.dll
File    117           taskmgr.exe
File    1             vmtoolssd.exe
File    74            vmtoolsd.exe
File    8             sandboxierpcss.exe
IPv4    2             109.70.26.37
Url     3             https://blog.avast.com/andromeda-under-the-microscope
Url     1             http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_androm.slw