ANDROMEDA (69aac793-9e6a-5167-bc62-823189ee2f7b)

ANDROMEDA is commodity malware that was widespread in the early 2010s and continues to be observed in infections across a wide variety of industries. During the 2022 C0026 campaign, threat actors re-registered expired ANDROMEDA C2 domains to spread malware to select targets in Ukraine. [Mandiant Suspected Turla Campaign February 2023]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| ANDROMEDA (69aac793-9e6a-5167-bc62-823189ee2f7b) | Tidal Software | Turla (47ae4fb1-fc61-4e8e-9310-66dda706e1a2) | Tidal Groups | 1 |