New “Prestige” ransomware impacts organizations in Ukraine and Poland - Microsoft Security Blog
Tags
country: Poland Russia Ukraine
attack-pattern: Credentials - T1589.001 Lsass Memory - T1003.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Scheduled Task - T1053.005 Windows Service - T1543.003 Tool - T1588.002 Powershell - T1086 Rundll32 - T1085 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 7131997e-db0d-473c-97ac-90ae26898f6f
Fingerprint a61068115745d60e
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 14, 2022, noon
Added to db Feb. 17, 2023, 11:58 p.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline New “Prestige” ransomware impacts organizations in Ukraine and Poland
Title New “Prestige” ransomware impacts organizations in Ukraine and Poland - Microsoft Security Blog
Detected Hints/Tags/Attributes 77/2/14
Source URLs
Redirection Url
Details Source https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/
Details Source https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/
URL Provider
Details Provider Source level domain
Details microsoft.com www.microsoft.com
Attributes
Details Type #Events CTI Value
Details File 69 
comsvcs.dll
Details File 59 
ntdsutil.exe
Details File 18 
c:\windows\system32\net.exe
Details File 1 
changes.txt
Details File 2130 
cmd.exe
Details File 142 
wmiprvse.exe
Details File 12 
'rundll32.exe
Details File 2 
'comsvcs.dll
Details md5 1 
a32bbc5df4195de63ea06feb46cd6b55
Details sha256 1 
5dd1ca0d471dee41eb3ea0b6ea117810f228354fc3b7b47400a812573d40d91d
Details sha256 2 
5fc44c7342b84f50f24758e39c8848b2f0991e8817ef5465844f5f2ff6085a57
Details sha256 1 
6cff0bbd62efe99f381e5cc0c4182b0fb7a9a34e4be9ce68ee6b0d0ea3eee39c
Details IPv4 1442 
127.0.0.1
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 12 
DEV-0960