Sandworm PRESTIGE Ransomware
Sandworm deployment of PRESTIGE ransomware against Polish and Ukrainian logistics and transportation organisations.
Start date: 1 October 2022
End date: —
Techniques: 19
Attributed actors
Techniques (19)
command-and-control (2)
  T1105      Ingress Tool Transfer
  T1071.001  Web Protocols
credential-access (1)
  T1003.001  LSASS Memory
defense-impairment (1)
  T1070.001  Clear Windows Event Logs
discovery (2)
  T1082      System Information Discovery
  T1083      File and Directory Discovery
execution (3)
  T1059.003  Windows Command Shell
  T1059.001  PowerShell
  T1053.005  Scheduled Task
impact (3)
  T1486      Data Encrypted for Impact
  T1489      Service Stop
  T1490      Inhibit System Recovery
initial-access (2)
  T1078      Valid Accounts
  T1190      Exploit Public-Facing Application
lateral-movement (3)
  T1021.001  Remote Desktop Protocol
  T1021.002  SMB/Windows Admin Shares
  T1550.002  Pass the Hash
persistence (3)
  T1078      Valid Accounts
  T1547.001  Registry Run Keys / Startup Folder
  T1053.005  Scheduled Task
privilege-escalation (3)
  T1078      Valid Accounts
  T1547.001  Registry Run Keys / Startup Folder
  T1053.005  Scheduled Task
stealth (2)
  T1078      Valid Accounts
  T1027      Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.