Trusted Design

GamaPoS: The Andromeda Botnet Connection

概要

The Andromeda botnet is a well-known botnet that surfaced around 2011 and has delivered well-known backdoor variants like Gamarue. In past revivals, the botnet has been distributed through malicious emails containing attachments or links to compromised websites hosting exploit kit content. What makes this botnet successful is its highly configurable and modular design that can fit any malicious intent, like distributing Zeus or, more recently, distributing a Lethic bot. Earlier this year, the Andromeda botnet was seen using macro-based malware, which is yet again an old trick. What makes this interesting is how the dated botnet and macro malware trick are used together. Indeed, the past few months seem to be quite busy for the Andromeda botnet and its recent activity indicates intent in the United States.

Created: 2026-02-23

Indicators

類似Pulses

Gamarue dropping Lethic bot (score: 0.80)
Andromeda Botnet (score: 0.75)
Andromeda Botnet Targets Italy in Recent Spam Campaigns (score: 0.73)
A New All-in-One Botnet: Proteus (score: 0.68)
Botnet - Fluxerbot (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 16.44

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode
T1003.003 - NTDS

MITREへのリンク →

Sea Turtle

Score: 4.53

Matched TTPs:

T1033 - System Owner/User Discovery
T1218.010 - Regsvr32

MITREへのリンク →

Ember Bear

Score: 15.25

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1136.002 - Domain Account
T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Indrik Spider

Score: 7.96

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1546.016 - Installer Packages

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1033 - System Owner/User Discovery

MITREへのリンク →

Contagious Interview

Score: 17.13

Matched TTPs:

T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1027.018 - Invisible Unicode

MITREへのリンク →

Sandworm Team

Score: 24.39

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Star Blizzard

Score: 5.01

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media

MITREへのリンク →

Scattered Spider

Score: 11.13

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1136.002 - Domain Account
T1027.002 - Software Packing

MITREへのリンク →

FIN4

Score: 6.94

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1543.003 - Windows Service
T1027.018 - Invisible Unicode

MITREへのリンク →

Moonstone Sleet

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

Lazarus Group

Score: 20.01

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1606.001 - Web Cookies
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage

MITREへのリンク →

OilRig

Score: 11.12

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

UNC3886

Score: 10.18

Matched TTPs:

T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 9.33

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1027.018 - Invisible Unicode

MITREへのリンク →

APT29

Score: 14.78

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1027.018 - Invisible Unicode

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 7.65

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

Turla

Score: 14.36

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1136.002 - Domain Account
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Ke3chang

Score: 5.94

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads

MITREへのリンク →

Mustang Panda

Score: 12.50

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode

MITREへのリンク →

TeamTNT

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 9.27

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackTech

Score: 4.30

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

MuddyWater

Score: 6.70

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Confucius

Score: 4.30

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Sidewinder

Score: 4.30

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Elderwood

Score: 6.07

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Machete

Score: 4.57

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustard Tempest

Score: 6.55

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Transparent Tribe

Score: 6.07

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN8

Score: 5.55

Matched TTPs:

T1543.003 - Windows Service
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

APT32

Score: 11.88

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

APT3

Score: 4.30

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

APT1

Score: 3.91

Matched TTPs:

T1543.003 - Windows Service
T1136.002 - Domain Account

MITREへのリンク →

Leviathan

Score: 8.90

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

APT33

Score: 4.30

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

ZIRCONIUM

Score: 5.20

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 6.27

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 6.97

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Windshift

Score: 4.57

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Cobalt Group

Score: 7.05

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

TA2541

Score: 9.98

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

Earth Lusca

Score: 11.84

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Patchwork

Score: 6.07

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

TA505

Score: 7.24

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1027.018 - Invisible Unicode

MITREへのリンク →

LazyScripter

Score: 7.24

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1027.018 - Invisible Unicode

MITREへのリンク →

APT42

Score: 6.17

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

APT39

Score: 5.20

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

HAFNIUM

Score: 7.47

Matched TTPs:

T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1027.008 - Stripped Payloads

MITREへのリンク →

Gamaredon Group

Score: 14.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1606.001 - Web Cookies
T1061 - Graphical User Interface
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

Threat Group-3390

Score: 5.23

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

BlackByte

Score: 5.82

Matched TTPs:

T1091 - Replication Through Removable Media
T1606.001 - Web Cookies

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

HEXANE

Score: 4.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

Saint Bear

Score: 4.83

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Andariel

Score: 5.72

Matched TTPs:

T1136.002 - Domain Account
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

BRONZE BUTLER

Score: 7.10

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Axiom

Score: 11.42

Matched TTPs:

T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1160 - Launch Daemon

MITREへのリンク →

Volt Typhoon

Score: 6.45

Matched TTPs:

T1049 - System Network Connections Discovery
T1546.016 - Installer Packages

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT28

Score: 7.02

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Dragonfly

Score: 6.09

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Tropic Trooper

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Medusa Group

Score: 7.28

Matched TTPs:

T1128 - Netsh Helper DLL
T1094 - Custom Command and Control Protocol

MITREへのリンク →

APT38

Score: 3.13

Matched TTPs:

T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Winter Vivern

Score: 3.13

Matched TTPs:

T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Daggerfly

Score: 5.96

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.82

Matched TTPs:

T1049 - System Network Connections Discovery
T1564.008 - Email Hiding Rules
T1027.018 - Invisible Unicode
T1547.002 - Authentication Package
T1543.003 - Windows Service
T1218.010 - Regsvr32
T1091 - Replication Through Removable Media
T1546.016 - Installer Packages
T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens

MITREへのリンク →

Lazarus Group

Score: 0.69

Matched TTPs:

T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1547.002 - Authentication Package
T1543.003 - Windows Service
T1218.010 - Regsvr32
T1606.001 - Web Cookies
T1546.016 - Installer Packages
T1606.002 - SAML Tokens

MITREへのリンク →

Contagious Interview

Score: 0.58

Matched TTPs:

T1021.006 - Windows Remote Management
T1027.018 - Invisible Unicode
T1091 - Replication Through Removable Media
T1044 - File System Permissions Weakness
T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens

MITREへのリンク →

Kimsuky

Score: 0.58

Matched TTPs:

T1003.003 - NTDS
T1027.018 - Invisible Unicode
T1547.002 - Authentication Package
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る