    Previously unknown ransomware targets arms suppliers for Ukraine


    In mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers discovered a previously unknown ransomware called Prestige that was used to attack organizations in the transportation and logistics industries in Ukraine and Poland.

    The Prestige ransomware was first discovered on October 11 in the form of attacks that occurred at 1-hour intervals for all victims. A notable feature of this campaign is that the attackers do not try to introduce ransomware into the networks of Ukrainian enterprises.

    MSTIC attributed the campaign to the cyber-espionage group Sandworm. The researchers observed a C&C server infrastructure based on dynamic DNS domains masquerading as Ukrainian telecom providers. Microsoft attributed the attacks to Sandworm based on forensic artifacts, victim matches, TTPs, and the group's infrastructure.

    According to MSTIC, the Prestige campaign targets organizations that provide humanitarian or military aid to Ukraine. In other words, many companies in Eastern Europe are under threat.

    The attackers used three methods to deploy the Prestige ransomware:

    • The ransomware payload is copied to the remote system's "ADMIN$" share, and the "Impacket" reconnaissance tool is used to remotely create a Windows scheduled task to execute the payload.
    • The Prestige payload is copied to the "ADMIN$" shared folder, and "Impacket" is used to remotely invoke an encoded PowerShell command to execute the payload.
    • The Prestige payload is copied to the Active Directory domain controller and deployed to the system using the default domain GPO.
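
The first two deployment methods leave the same trail on the target host: a file written to ADMIN$, followed shortly by a scheduled task or an encoded PowerShell launch. The sketch below is an added example, not code from MSTIC or from this article; it correlates Windows Security events 5145, 4698 and 4688, and the event dictionary layout, host names, addresses and file names are assumptions constructed for illustration. The GPO method is not covered.

```python
import re
from datetime import datetime, timedelta

# Heuristic: PowerShell -EncodedCommand and its short forms, then base64.
ENC_PS = re.compile(r"(?i)powershell(?:\.exe)?\b.*\s-(?:e|ec|en[a-z]*)\s+[A-Za-z0-9+/=]{20,}")
FILE_WRITE_DATA = 0x2  # write bit in the AccessMask field of event 5145

def is_admin_share_drop(ev):
    """Event 5145: a client wrote an executable into the ADMIN$ share."""
    return bool(ev["event_id"] == 5145
                and ev["ShareName"].upper().endswith("ADMIN$")
                and int(ev["AccessMask"], 16) & FILE_WRITE_DATA
                and ev["RelativeTargetName"].lower().endswith((".exe", ".dll")))

def execution_kind(ev):
    """Classify the follow-up execution step; None if the event is unrelated."""
    if ev["event_id"] == 4698:  # a scheduled task was created
        return "scheduled_task"
    if ev["event_id"] == 4688 and ENC_PS.search(ev.get("CommandLine", "")):
        return "encoded_powershell"

def correlate(events, window=timedelta(minutes=10)):
    """Pair each ADMIN$ drop with execution on the same host inside the window."""
    findings, drops = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if is_admin_share_drop(ev):
            drops[ev["host"]] = ev
            continue
        kind, drop = execution_kind(ev), drops.get(ev["host"])
        if kind and drop and ev["ts"] - drop["ts"] <= window:
            findings.append((ev["host"], drop["RelativeTargetName"], drop["IpAddress"], kind))
    return findings

# Constructed sample events; hosts, addresses and file names are made up.
T0 = datetime(2022, 10, 11, 9, 0)
def make(minute, host, event_id, **fields):
    return {"ts": T0 + timedelta(minutes=minute), "host": host, "event_id": event_id, **fields}

SHARE = {"ShareName": r"\\*\ADMIN$", "RelativeTargetName": "sample.exe"}
SAMPLE = [
    make(0, "SRV01", 5145, AccessMask="0x2", IpAddress="10.0.0.50", **SHARE),
    make(1, "WS07", 5145, AccessMask="0x1", IpAddress="10.0.0.50", **SHARE),  # read only
    make(2, "SRV01", 4698, TaskName=r"\sample-task"),
    make(3, "WS07", 4698, TaskName=r"\routine-task"),  # no preceding write
    make(5, "SRV02", 5145, AccessMask="0x2", IpAddress="10.0.0.51", **SHARE),
    make(6, "SRV02", 4688, CommandLine="powershell.exe -NoP -enc " + "QQBB" * 8),
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Event 5145 is only logged when detailed file share auditing is enabled, and event 4688 only carries a command line when process command-line auditing is turned on.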

    Since August 2022, researchers from Recorded Future have observed the development of the Sandworm C&C infrastructure, which has switched to dynamic DNS domains masquerading as Ukrainian telecom providers. According to experts monitoring the group's activities, the latest malware campaigns are aimed at infecting critical Ukrainian systems with the Colibri Loader and Warzone RAT malware.

    Author DeepWeb