Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A new cluster of Command and Control (C2) servers related to the Andromeda/Gamarue backdoor has been discovered, targeting manufacturing and logistics companies in Asia. The initial infection vector involves USB drive-by attacks, using LNK shortcuts to execute malicious DLLs. The malware employs rundll32.exe to load these DLLs, establishing C2 connections to domains with a specific TLS certificate. The Andromeda backdoor, known for its modular nature and ability to download additional malware, is used in conjunction with other malware families. Persistence is achieved through registry modifications, and the attackers attempt to evade detection by masquerading as Google applications.
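Two of the behaviours summarised above are easy to check for in endpoint telemetry: rundll32.exe loading a DLL from a removable volume (the USB/LNK stage) and a Run-key value that carries a Google-looking name but actually launches rundll32 with a DLL outside Program Files (the masquerading persistence). The script below is an added example, not from the report or the vendor; the log records, the drive letter E: standing for a USB volume, and the "Google-named value pointing at a user-writable DLL" heuristic are constructed assumptions.

```python
import re

# Constructed sample telemetry (not taken from the report): Sysmon-style
# process-creation command lines and two Run-key values. Drive E: is assumed
# to be a removable USB volume in this sample.
REMOVABLE_DRIVES = {"E"}

PROCESS_EVENTS = [
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r'"C:\Windows\System32\rundll32.exe" E:\~$tmp\update.dll,Start'},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

RUN_KEY_VALUES = [
    {"name": "Google Update",
     "data": r'rundll32.exe "C:\Users\alice\AppData\Roaming\gupdate.dll",Start'},
    {"name": "Google Update",
     "data": r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c'},
]

# rundll32 takes "<dll path>,<export>"; capture the DLL path, quoted or not.
DLL_ARG = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)"?\s*,', re.IGNORECASE)


def dll_from_rundll32(cmd):
    """Return the DLL path handed to rundll32, or None if cmd is not a rundll32 launch."""
    m = DLL_ARG.search(cmd)
    return m.group(1) if m else None


def on_removable_volume(path, removable=REMOVABLE_DRIVES):
    """True when the path's drive letter belongs to the (assumed) removable set."""
    return len(path) > 1 and path[1] == ":" and path[0].upper() in removable


def suspicious_rundll32_events(events, removable=REMOVABLE_DRIVES):
    """Flag rundll32 launches whose DLL lives on a removable volume (USB/LNK stage)."""
    hits = []
    for ev in events:
        dll = dll_from_rundll32(ev["command_line"])
        if dll and on_removable_volume(dll, removable):
            hits.append(dll)
    return hits


def suspicious_run_values(values):
    """Flag Run-key values with a Google-looking name that start rundll32 with a DLL
    outside Program Files (assumed shape of the masquerading persistence)."""
    hits = []
    for v in values:
        dll = dll_from_rundll32(v["data"])
        if "google" in v["name"].lower() and dll and not dll.lower().startswith(r"c:\program files"):
            hits.append((v["name"], dll))
    return hits
```

On the constructed sample, only the first process event and the first Run-key value are flagged; the legitimate shell32.dll launch and the real GoogleUpdate.exe entry pass.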

OPENCTI LABELS:

andromeda, gamarue
