The MasterMana botnet is believed to be operated by the Gorgon Group, an advanced persistent threat (APT).
MasterMana is typically delivered via phishing emails containing malicious macro-enabled Microsoft Excel attachments. Once executed, these documents attempt to terminate any running Microsoft Office processes. The payload then attempts to add three scheduled tasks, along with registry key values, to maintain persistence.
If successful, MasterMana reaches out to attacker-controlled domains hosted on widely used blogging services. These domains then redirect to command-and-control servers and begin downloading DLL or PowerShell code. The code attempts to inject itself into processes, with the goal of evading anti-virus products.
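The persistence stage described above (Office processes terminated, three scheduled tasks, registry values) can be hunted as one sequence in process-creation telemetry. The following is an added example, not part of the original write-up: it assumes these steps surface as `taskkill.exe`, `schtasks.exe` and `reg.exe` processes descended from an Office application, and every event, host name, task name and placeholder in it is constructed.

```python
from collections import defaultdict

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Constructed process-creation events, not real telemetry.
# Fields: host, epoch seconds, pid, parent pid, image, command line.
EVENTS = [
    ("ws-01", 100, 10, 1, "EXCEL.EXE", "excel.exe invoice.xls"),
    ("ws-01", 102, 11, 10, "cmd.exe", "cmd.exe /c <placeholder>"),
    ("ws-01", 103, 12, 11, "taskkill.exe", "taskkill /f /im winword.exe"),
    ("ws-01", 104, 13, 11, "schtasks.exe", "schtasks /create /tn task-a"),
    ("ws-01", 105, 14, 11, "schtasks.exe", "schtasks /create /tn task-b"),
    ("ws-01", 106, 15, 11, "schtasks.exe", "schtasks /create /tn task-c"),
    ("ws-01", 107, 16, 11, "reg.exe", "reg add <placeholder-key> /v <name>"),
    # Office macro that schedules a single task: not the full chain.
    ("ws-02", 200, 20, 1, "excel.exe", "excel.exe report.xlsx"),
    ("ws-02", 201, 21, 20, "schtasks.exe", "schtasks /create /tn backup"),
    # Three tasks created by an installer with no Office ancestor.
    ("ws-03", 300, 30, 1, "setup.exe", "setup.exe /quiet"),
    ("ws-03", 301, 31, 30, "schtasks.exe", "schtasks /create /tn upd-1"),
    ("ws-03", 302, 32, 30, "schtasks.exe", "schtasks /create /tn upd-2"),
    ("ws-03", 303, 33, 30, "schtasks.exe", "schtasks /create /tn upd-3"),
]

def classify(image, cmd):
    """Map one process event to a stage of the described chain, or None."""
    c = cmd.lower()
    if image == "taskkill.exe" and any(o in c for o in OFFICE):
        return "kill_office"
    if image == "schtasks.exe" and "/create" in c:
        return "task_create"
    if image == "reg.exe" and " add " in c:
        return "reg_add"
    return None

def detect(events, window=300, min_tasks=3):
    """Return (host, office_pid) pairs whose descendants show the full chain."""
    roots = {}  # (host, pid) -> (office pid, office start time); ignores PID reuse
    hits = defaultdict(lambda: defaultdict(int))
    for host, ts, pid, ppid, image, cmd in sorted(events, key=lambda e: e[1]):
        image = image.lower()
        if image in OFFICE:
            roots[(host, pid)] = (pid, ts)
            continue
        anc = roots.get((host, ppid))
        if anc is None or ts - anc[1] > window:
            continue  # no Office ancestor, or outside the correlation window
        roots[(host, pid)] = anc  # children inherit the Office ancestor
        stage = classify(image, cmd)
        if stage:
            hits[(host, anc[0])][stage] += 1
    return sorted(k for k, s in hits.items() if s["kill_office"]
                  and s["reg_add"] and s["task_create"] >= min_tasks)
```

Requiring all three stages under one Office ancestor keeps a lone scheduled task from a legitimate macro, or tasks created by an installer, from raising an alert.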