Trusted Design

Disrupting Gamarue

概要

Gamarue, mostly detected by ESET as Win32/TrojanDownloader.Wauchos, has been around since at least September 2011 and was, for the most part, sold as a crimekit on underground forums. This crimekit proved very popular amongst cybercriminals and, that being the case, there are multiple, independent Wauchos botnets. In the past, Wauchos has been the most detected malware family amongst ESET users, so when approached by Microsoft to take part in a joint disruption effort against it, to better protect our users and the general public at large, it was a no-brainer to agree.

Created: 2026-02-23

Indicators

類似Pulses

GamaPoS: The Andromeda Botnet Connection (score: 0.59)
PowerSniff Malware Used in Macro-based Attacks (score: 0.57)
Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.57)
Stegoloader: A Stealthy Information Stealer (score: 0.57)
TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

Winnti Group

Score: 3.29

Matched TTPs:

T1499.001 - OS Exhaustion Flood

MITREへのリンク →

APT41

Score: 7.10

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Rocke

Score: 7.42

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1105 - Ingress Tool Transfer

MITREへのリンク →

TeamTNT

Score: 5.38

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens

MITREへのリンク →

APT28

Score: 18.03

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 11.50

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1059.004 - Unix Shell
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

FIN13

Score: 7.08

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer

MITREへのリンク →

Lazarus Group

Score: 11.24

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

OilRig

Score: 14.18

Matched TTPs:

T1606.002 - SAML Tokens
T1005 - Data from Local System
T1199 - Trusted Relationship
T1059.004 - Unix Shell
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

LuminousMoth

Score: 5.61

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sandworm Team

Score: 13.37

Matched TTPs:

T1606.002 - SAML Tokens
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Salt Typhoon

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

APT29

Score: 9.75

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1138 - Application Shimming
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Play

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Aoqin Dragon

Score: 4.44

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 7.51

Matched TTPs:

T1606.002 - SAML Tokens
T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer

MITREへのリンク →

Moses Staff

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Turla

Score: 6.10

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1059.004 - Unix Shell

MITREへのリンク →

Ke3chang

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 11.24

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN7

Score: 7.08

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer

MITREへのリンク →

Ember Bear

Score: 6.81

Matched TTPs:

T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32

MITREへのリンク →

Threat Group-3390

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Volt Typhoon

Score: 5.94

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship

MITREへのリンク →

BlackTech

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Medusa Group

Score: 5.07

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

Sea Turtle

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

GALLIUM

Score: 5.47

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1059.004 - Unix Shell

MITREへのリンク →

Dragonfly

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Axiom

Score: 6.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1218.010 - Regsvr32

MITREへのリンク →

HAFNIUM

Score: 11.89

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

MuddyWater

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

TA505

Score: 4.69

Matched TTPs:

T1138 - Application Shimming
T1199 - Trusted Relationship

MITREへのリンク →

APT38

Score: 4.69

Matched TTPs:

T1138 - Application Shimming
T1199 - Trusted Relationship

MITREへのリンク →

Scattered Spider

Score: 5.39

Matched TTPs:

T1199 - Trusted Relationship
T1027.002 - Software Packing

MITREへのリンク →

FIN8

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

TA2541

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

FIN6

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

Patchwork

Score: 5.49

Matched TTPs:

T1199 - Trusted Relationship
T1059.004 - Unix Shell
T1218.010 - Regsvr32

MITREへのリンク →

Cobalt Group

Score: 5.09

Matched TTPs:

T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

APT32

Score: 5.01

Matched TTPs:

T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT42

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

Deep Panda

Score: 3.15

Matched TTPs:

T1059.004 - Unix Shell

MITREへのリンク →

APT3

Score: 4.65

Matched TTPs:

T1059.004 - Unix Shell
T1218.010 - Regsvr32

MITREへのリンク →

Transparent Tribe

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

Tropic Trooper

Score: 6.91

Matched TTPs:

T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer

MITREへのリンク →

Velvet Ant

Score: 6.88

Matched TTPs:

T1128 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.83

Matched TTPs:

T1199 - Trusted Relationship
T1566.003 - Spearphishing via Service
T1055.008 - Ptrace System Calls
T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer
T1140 - Deobfuscate/Decode Files or Information
T1499.001 - OS Exhaustion Flood

MITREへのリンク →

Sandworm Team

Score: 0.63

Matched TTPs:

T1005 - Data from Local System
T1199 - Trusted Relationship
T1606.002 - SAML Tokens
T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

OilRig

Score: 0.62

Matched TTPs:

T1005 - Data from Local System
T1199 - Trusted Relationship
T1606.002 - SAML Tokens
T1059.004 - Unix Shell
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

UNC3886

Score: 0.57

Matched TTPs:

T1606.002 - SAML Tokens
T1059.004 - Unix Shell
T1218.010 - Regsvr32
T1140 - Deobfuscate/Decode Files or Information
T1499.001 - OS Exhaustion Flood

MITREへのリンク →

HAFNIUM

Score: 0.57

Matched TTPs:

T1049 - System Network Connections Discovery
T1055.008 - Ptrace System Calls
T1105 - Ingress Tool Transfer
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る