ANDROMEDA

MITRE
Malware Type:
Other
First activity:
Unknown
Last activity:
Unknown
Details:

[ANDROMEDA](https://attack.mitre.org/software/S1074) is commodity malware that was widespread in the early 2010s and continues to be observed in infections across a wide variety of industries. During the 2022 [C0026](https://attack.mitre.org/campaigns/C0026) campaign, threat actors re-registered expired [ANDROMEDA](https://attack.mitre.org/software/S1074) C2 domains to spread malware to select targets in Ukraine. (Citation: Mandiant Suspected Turla Campaign February 2023)

Associated Techniques (7)
ID ATT&CK Tactics
T1036.005 Match Legitimate Resource Name or Location -
T1036.008 Masquerade File Type -
T1055 Process Injection -
T1071.001 Web Protocols -
T1091 Replication Through Removable Media -
T1105 Ingress Tool Transfer -
T1547.001 Registry Run Keys / Startup Folder -
Metadata
ID: 602
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00