Gamarue

backdoor | 1 mutex signature

[BASIC_INFORMATION]

FAMILY_NAME:
Gamarue
CATEGORY:
BACKDOOR
DESCRIPTION:
Gamarue, sometimes referred to as Andromeda or Wauchos, is a malware family used as part of a botnet. The variant of Gamarue we observe most frequently is a worm that spreads primarily via infected USB drives. Gamarue has been used to spread other malware, steal information, and perform other activities such as click fraud. Despite being disrupted in 2017, it continues to be prevalent and was in the top 10 threats eight times in 12 months in 2024, with new C2 infrastructure observed as of December 2024.
ALIASES:
Andromeda, Wauchos
TAGS:
backdoor, botnet, worm, usb_spreader, click_fraud, c2_communication

[MUTEX_SIGNATURES](1)

[MUTEX_01]
345rdxcvgt567yhjm
ANALYST: @adhikara13 DATE: 2025-08-08

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2011

[STATISTICS]

MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:2
TAGS:6
CATEGORY:BACKDOOR

EvilMutex Project v1.0.0

Open Source Threat Intelligence Database