216.73.216.86

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

· Published 04/12/2024 03:54 · Modified 04/12/2024 09:22

Export JSON

Essential information

Published
04/12/2024 03:54
Modified
04/12/2024 09:22
Tags
2024-12-04 andromeda gamarue
Related entities
10 observables, 1 intrusion sets (apt), 12 techniques (mitre), 3 malware, 2 others

Description

A new cluster of Command and Control (C2) servers related to the / backdoor has been discovered, targeting manufacturing and logistics companies in Asia. The initial infection vector involves USB drive-by attacks, using LNK shortcuts to execute malicious DLLs. The malware employs rundll32.exe to load these DLLs, establishing C2 connections to domains with a specific TLS certificate. The backdoor, known for its modular nature and ability to download additional malware, is used in conjunction with other malware families. Persistence is achieved through registry modifications, and the attackers attempt to evade detection by masquerading as Google applications.

External references