Trusted Design

The MeDoc Connection

概要

The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the attack. The investigation found a supply chain-focused attack at M.E.Doc software that delivered a destructive payload disguised as ransomware. By utilizing stolen credentials, the actor was able to manipulate the update server for M.E.Doc to proxy connections to an actor-controlled server. Based on the findings, Talos remains confident that the attack was destructive in nature. The effects were broad reaching, with Ukraine Cyber police confirming over 2000 affected companies in Ukraine alone.

Created: 2026-02-23

Indicators

類似Pulses

Malicious Code Analysis on Ukraine's Power Grid Incident (score: 0.61)
Fidelis Threat Advisory #1017: Phishing in Plain Sight (score: 0.59)
WanaCrypt0r Ransomworm (score: 0.59)
SAMSAM: THE DOCTOR WILL SEE YOU, AFTER HE PAYS THE RANSOM (score: 0.59)
FBI Flash MC-000070-MW (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 14.95

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1008 - Fallback Channels
T1490 - Inhibit System Recovery

MITREへのリンク →

Sea Turtle

Score: 9.92

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1490 - Inhibit System Recovery

MITREへのリンク →

Ember Bear

Score: 14.94

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account

MITREへのリンク →

Indrik Spider

Score: 5.37

Matched TTPs:

T1033 - System Owner/User Discovery
T1027 - Obfuscated Files or Information

MITREへのリンク →

Agrius

Score: 4.50

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Contagious Interview

Score: 11.66

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1552.003 - Shell History

MITREへのリンク →

Sandworm Team

Score: 27.01

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment
T1049 - System Network Connections Discovery
T1122 - Component Object Model Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

Star Blizzard

Score: 5.01

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media

MITREへのリンク →

TA2541

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Earth Lusca

Score: 5.90

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account

MITREへのリンク →

LuminousMoth

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

OilRig

Score: 9.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1556.009 - Conditional Access Policies

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Threat Group-3390

Score: 6.19

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking

MITREへのリンク →

TA505

Score: 6.77

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1027 - Obfuscated Files or Information

MITREへのリンク →

BlackByte

Score: 8.18

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT32

Score: 7.04

Matched TTPs:

T1091 - Replication Through Removable Media
T1027.007 - Dynamic API Resolution
T1490 - Inhibit System Recovery

MITREへのリンク →

Moonstone Sleet

Score: 6.71

Matched TTPs:

T1091 - Replication Through Removable Media
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN7

Score: 10.85

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution
T1490 - Inhibit System Recovery

MITREへのリンク →

Rocke

Score: 4.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1008 - Fallback Channels

MITREへのリンク →

Volt Typhoon

Score: 5.09

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery

MITREへのリンク →

APT28

Score: 12.89

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1078.001 - Default Accounts
T1122 - Component Object Model Hijacking
T1566.003 - Spearphishing via Service

MITREへのリンク →

BackdoorDiplomacy

Score: 3.93

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking

MITREへのリンク →

FIN13

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Magic Hound

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information

MITREへのリンク →

Medusa Group

Score: 13.27

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1027 - Obfuscated Files or Information
T1598 - Phishing for Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Storm-0501

Score: 6.33

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

Cinnamon Tempest

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Ke3chang

Score: 3.87

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

menuPass

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking

MITREへのリンク →

Blue Mockingbird

Score: 3.87

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT29

Score: 6.88

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1490 - Inhibit System Recovery

MITREへのリンク →

INC Ransom

Score: 8.73

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

UNC3886

Score: 8.06

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1136.002 - Domain Account

MITREへのリンク →

Dragonfly

Score: 5.31

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment

MITREへのリンク →

Axiom

Score: 9.63

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

APT41

Score: 9.49

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution
T1008 - Fallback Channels

MITREへのリンク →

Play

Score: 6.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1490 - Inhibit System Recovery

MITREへのリンク →

HAFNIUM

Score: 14.35

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1122 - Component Object Model Hijacking
T1210 - Exploitation of Remote Services
T1490 - Inhibit System Recovery

MITREへのリンク →

APT39

Score: 3.87

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

LAPSUS$

Score: 9.05

Matched TTPs:

T1193 - Spearphishing Attachment
T1136.002 - Domain Account
T1122 - Component Object Model Hijacking

MITREへのリンク →

Turla

Score: 8.75

Matched TTPs:

T1136.002 - Domain Account
T1556.009 - Conditional Access Policies
T1490 - Inhibit System Recovery

MITREへのリンク →

Scattered Spider

Score: 11.17

Matched TTPs:

T1136.002 - Domain Account
T1552.003 - Shell History
T1210 - Exploitation of Remote Services
T1027 - Obfuscated Files or Information

MITREへのリンク →

Akira

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

Lazarus Group

Score: 3.84

Matched TTPs:

T1210 - Exploitation of Remote Services

MITREへのリンク →

APT38

Score: 4.74

Matched TTPs:

T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Wizard Spider

Score: 6.02

Matched TTPs:

T1556.009 - Conditional Access Policies
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Velvet Ant

Score: 9.20

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1490 - Inhibit System Recovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

BRONZE BUTLER

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

Patchwork

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.83

Matched TTPs:

T1122 - Component Object Model Hijacking
T1033 - System Owner/User Discovery
T1049 - System Network Connections Discovery
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1564.008 - Email Hiding Rules
T1193 - Spearphishing Attachment
T1027 - Obfuscated Files or Information
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る