ANDROMEDA (69aac793-9e6a-5167-bc62-823189ee2f7b)
ANDROMEDA is commodity malware that was widespread in the early 2010's and continues to be observed in infections across a wide variety of industries. During the 2022 C0026 campaign, threat actors re-registered expired ANDROMEDA C2 domains to spread malware to select targets in Ukraine.[Mandiant Suspected Turla Campaign February 2023]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| ANDROMEDA (69aac793-9e6a-5167-bc62-823189ee2f7b) | Tidal Software | Turla (47ae4fb1-fc61-4e8e-9310-66dda706e1a2) | Tidal Groups | 1 |