New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload.

REFERENCE: https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/

TAGS: prestige, iridium, impacket, hermeticwiper, ransomware, remoteexec, wmiexec, psexec, foxblade, winpeas

ADVERSARY: IRIDIUM

MALWARE FAMILIES: HermeticWiper, Foxblade

ATT&CK IDS: T1003.001 - LSASS Memory, T1485 - Data Destruction, T1047 - Windows Management Instrumentation, TA0004 - Privilege Escalation, T1486 - Data Encrypted for Impact

Read More:

https://otx.alienvault.com/pulse/636d848b2ab04b734900ac62