Trusted Design

Disrupting Gamarue

概要

Gamarue, mostly detected by ESET as Win32/TrojanDownloader.Wauchos, has been around since at least September 2011 and was, for the most part, sold as a crimekit on underground forums. This crimekit proved very popular amongst cybercriminals and, that being the case, there are multiple, independent Wauchos botnets. In the past, Wauchos has been the most detected malware family amongst ESET users, so when approached by Microsoft to take part in a joint disruption effort against it, to better protect our users and the general public at large, it was a no-brainer to agree.

Created: 2026-02-23

Indicators

類似Pulses

GamaPoS: The Andromeda Botnet Connection (score: 0.59)
PowerSniff Malware Used in Macro-based Attacks (score: 0.57)
Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.57)
Stegoloader: A Stealthy Information Stealer (score: 0.57)
TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 7.10

Matched TTPs:

T1014 - Rootkit
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Rocke

Score: 7.42

Matched TTPs:

T1014 - Rootkit
T1190 - Exploit Public-Facing Application
T1564.001 - Hidden Files and Directories

MITREへのリンク →

TeamTNT

Score: 5.38

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware

MITREへのリンク →

APT28

Score: 18.03

Matched TTPs:

T1014 - Rootkit
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

UNC3886

Score: 11.50

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 4.41

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

FIN13

Score: 7.08

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Lazarus Group

Score: 11.24

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

OilRig

Score: 14.18

Matched TTPs:

T1587.001 - Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool
T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

LuminousMoth

Score: 5.61

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Sandworm Team

Score: 13.37

Matched TTPs:

T1587.001 - Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Salt Typhoon

Score: 4.41

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

APT29

Score: 9.75

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1553.005 - Mark-of-the-Web Bypass
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Play

Score: 4.41

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Aoqin Dragon

Score: 4.44

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

RedCurl

Score: 7.51

Matched TTPs:

T1587.001 - Malware
T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Moses Staff

Score: 4.41

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Turla

Score: 6.10

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

Ke3chang

Score: 4.41

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 11.24

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

FIN7

Score: 7.08

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Ember Bear

Score: 6.81

Matched TTPs:

T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution

MITREへのリンク →

Threat Group-3390

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Volt Typhoon

Score: 5.94

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1588.002 - Tool

MITREへのリンク →

BlackTech

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Medusa Group

Score: 5.07

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Sea Turtle

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

GALLIUM

Score: 5.47

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

Dragonfly

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Axiom

Score: 6.59

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1203 - Exploitation for Client Execution

MITREへのリンク →

HAFNIUM

Score: 11.89

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token

MITREへのリンク →

MuddyWater

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA505

Score: 4.69

Matched TTPs:

T1553.005 - Mark-of-the-Web Bypass
T1588.002 - Tool

MITREへのリンク →

APT38

Score: 4.69

Matched TTPs:

T1553.005 - Mark-of-the-Web Bypass
T1588.002 - Tool

MITREへのリンク →

Scattered Spider

Score: 5.39

Matched TTPs:

T1588.002 - Tool
T1538 - Cloud Service Dashboard

MITREへのリンク →

FIN8

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

TA2541

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

FIN6

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Patchwork

Score: 5.49

Matched TTPs:

T1588.002 - Tool
T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution

MITREへのリンク →

Cobalt Group

Score: 5.09

Matched TTPs:

T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

APT32

Score: 5.01

Matched TTPs:

T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT42

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Deep Panda

Score: 3.15

Matched TTPs:

T1027.005 - Indicator Removal from Tools

MITREへのリンク →

APT3

Score: 4.65

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution

MITREへのリンク →

Transparent Tribe

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Tropic Trooper

Score: 6.91

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Velvet Ant

Score: 6.88

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.83

Matched TTPs:

T1588.002 - Tool
T1211 - Exploitation for Defense Evasion
T1190 - Exploit Public-Facing Application
T1550.001 - Application Access Token
T1014 - Rootkit
T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Sandworm Team

Score: 0.63

Matched TTPs:

T1588.002 - Tool
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1195 - Supply Chain Compromise
T1587.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

OilRig

Score: 0.62

Matched TTPs:

T1588.002 - Tool
T1195 - Supply Chain Compromise
T1587.001 - Malware
T1573.002 - Asymmetric Cryptography
T1203 - Exploitation for Client Execution
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

UNC3886

Score: 0.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1587.001 - Malware
T1014 - Rootkit
T1203 - Exploitation for Client Execution
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

HAFNIUM

Score: 0.57

Matched TTPs:

T1550.001 - Application Access Token
T1564.001 - Hidden Files and Directories
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る