 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Andaratm| Names | Andaratm | |
| Category | Malware | |
| Type | Backdoor, Exfiltration | |
| Description | (AhnLab) Andaratm malware was used in attacks on military agencies in 2016, on ATMs and financial institutions in 2017, and on cryptocurrencyexchanges in 2018. 18 variants have been identified as of May 2018.The codesof Andaratm include strings such as '%s\cmd.exe /c echo | %s > %s'and '%s*****%s.' When Andaratm is executed, it acquires information, such as the computer name and username, attempts to connect to the designated C2 server, and receives and executes the command. The encryption method of Andaratm is similar to the methods generally used by malware. Andaratm only executes simple commands, such as downloading files, uploading files, and running cmd.exe files. | |
| Information | <https://global.ahnlab.com/global/upload/download/techreport/%5BAhnLab%5DAndariel_a_Subgroup_of_Lazarus%20(3).pdf> | |
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
Previous: Anchor
Next: AndoServer
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-Sep 2024  |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |