Trusted Design

GamaPoS: The Andromeda Botnet Connection

概要

The Andromeda botnet is a well-known botnet that surfaced around 2011 and has delivered well-known backdoor variants like Gamarue. In past revivals, the botnet has been distributed through malicious emails containing attachments or links to compromised websites hosting exploit kit content. What makes this botnet successful is its highly configurable and modular design that can fit any malicious intent, like distributing Zeus or, more recently, distributing a Lethic bot. Earlier this year, the Andromeda botnet was seen using macro-based malware, which is yet again an old trick. What makes this interesting is how the dated botnet and macro malware trick are used together. Indeed, the past few months seem to be quite busy for the Andromeda botnet and its recent activity indicates intent in the United States.

Created: 2026-02-23

Indicators

• domain - richdilly.com -
• URL - http://andropaul.com/down/sprld.exe -
• domain - tradebby.com -
• URL - http://pos-softwareupdate.com/microsupdate/microsupdate.exe -
• domain - eigh88.com -
• URL - http://sarawork.io/down/spm/andro.exe -
• domain - androkyle.com -
• domain - pos-softwareupdate.com -
• domain - chivas.io -
• domain - cash-lord.com -
• domain - wwebapps-mpp.com -
• domain - alexawork.com -
• domain - andromike.com -
• CVE - CVE-2014-1761 -
• domain - bybbaby.com -
• domain - sarawork.io -
• URL - http://andromike.com/down/andro2.exe -
• URL - http://80.242.123.144/down/spm/andro.exe -
• domain - androjose.com -
• URL - http://alexawork.com/down/spm/andro.exe -
• CVE - CVE-2012-0158 -
• domain - andropaul.com -
• domain - g-tr.io -
• domain - top1ess.com -
• URL - http://paulcrabs.com/down/spm/andro.exe -
• domain - palevo-inc.com -
• domain - androryan.com -
• domain - hamman.io -
• domain - paulcrabs.com -

類似Pulses

• Gamarue dropping Lethic bot (score: 0.80)
• Andromeda Botnet (score: 0.75)
• Andromeda Botnet Targets Italy in Recent Spam Campaigns (score: 0.73)
• A New All-in-One Botnet: Proteus (score: 0.68)
• Botnet - Fluxerbot (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る