Trusted Design

SAMSAM: THE DOCTOR WILL SEE YOU, AFTER HE PAYS THE RANSOM

Summary

Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched through user-focused attack vectors such as phishing campaigns or exploit kits. This family appears to be distributed by compromising servers and using them as a foothold to move laterally through the network, compromising additional machines that are then held for ransom. A particular focus appears to have been placed on the healthcare industry. Adversaries have been seen leveraging JexBoss, an open-source tool for testing and exploiting JBoss application servers, to gain the initial foothold. Once inside the network, they encrypt multiple Windows systems with SamSam.
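The summary above describes the initial-access step only at the level of "JexBoss against JBoss application servers". The defender's counterpart is to check whether one's own JBoss hosts still expose the legacy administrative endpoints that JexBoss-style tooling probes before attempting exploitation. The script below is an added example written for this page; it is not code from Cisco Talos, from the pulse, or from the JexBoss project. The endpoint list, the treatment of a serialized-Java reply as the "exposed" signal, the `Fetcher` injection point, and the host name `jboss.test` used in the offline usage are assumptions, not facts taken from the page. Run it only against hosts you are authorised to test.

```python
"""
Probe a JBoss AS host for the legacy administrative endpoints that
JexBoss-style scanners test before attempting exploitation.

Added example for this page; not code from Cisco Talos, the pulse, or the
JexBoss project.  The endpoint list and the serialized-Java magic check are
assumptions based on how JBoss AS 4-6 behaved, not facts stated on the page.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple
import urllib.error
import urllib.request

# Legacy JBoss AS endpoints (assumed list).  "console" pages are HTML UIs that
# should sit behind authentication; "invoker" servlets accept serialized Java
# objects over HTTP and should not be reachable from untrusted networks at all.
JBOSS_PATHS = [
    ("/jmx-console/", "console"),
    ("/admin-console/", "console"),
    ("/web-console/Invoker", "invoker"),
    ("/invoker/JMXInvokerServlet", "invoker"),
    ("/invoker/EJBInvokerServlet", "invoker"),
]

# First bytes of a Java serialization stream (STREAM_MAGIC + STREAM_VERSION 5).
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"

# A fetcher returns (http_status, first_bytes_of_body).  It is injected so the
# classification logic can be exercised offline; the default uses urllib.
Fetcher = Callable[[str], Tuple[int, bytes]]


@dataclass
class Finding:
    path: str
    kind: str
    status: int
    verdict: str


def urllib_fetch(url: str, timeout: float = 5.0) -> Tuple[int, bytes]:
    """Default fetcher: GET url, return status and up to 64 body bytes."""
    req = urllib.request.Request(url, headers={"User-Agent": "jboss-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(64)
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry a status
        return err.code, err.read(64)


def classify(kind: str, status: int, body: bytes) -> str:
    """Turn one response into a verdict a defender can act on."""
    if status in (401, 403):
        return "auth-required"
    if status == 404:
        return "absent"
    if status != 200:
        return f"unexpected-{status}"
    if kind == "invoker":
        # An invoker that answers a plain GET with a serialized Java object is
        # the precondition for the deserialization attacks JexBoss automates.
        return "exposed" if body.startswith(JAVA_SERIAL_MAGIC) else "reachable-unverified"
    return "exposed"  # an admin/JMX console reachable without a login prompt


def assess(base_url: str, fetch: Fetcher = urllib_fetch) -> List[Finding]:
    """Probe every legacy path under base_url and return one Finding per path."""
    base = base_url.rstrip("/")
    findings: List[Finding] = []
    for path, kind in JBOSS_PATHS:
        try:
            status, body = fetch(base + path)
        except OSError:  # URLError is an OSError subclass: host down, timeout, refused
            findings.append(Finding(path, kind, 0, "error"))
            continue
        findings.append(Finding(path, kind, status, classify(kind, status, body)))
    return findings


def exposed_paths(findings: List[Finding]) -> List[str]:
    """Paths that need immediate remediation (remove, firewall, or authenticate)."""
    return [f.path for f in findings if f.verdict == "exposed"]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080"
    for finding in assess(target):
        print(f"{finding.status:>3}  {finding.verdict:<20} {finding.path}")
```

Invoke it as `python jboss_check.py http://host:8080`. A `reachable-unverified` verdict on an invoker path means the servlet answered 200 without the serialized-object signature and deserves a manual look; an `exposed` verdict on any path is the condition the summary describes, a server reachable with no authentication in front of its management interface, and should be fixed before the host is considered safe from this campaign.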

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Cinnamon Tempest

Score: 6.38
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool

Medusa Group

Score: 22.96
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1027.002 - Software Packing
  • T1529 - System Shutdown/Reboot

menuPass

Score: 9.76
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing

INC Ransom

Score: 8.62
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer

Gamaredon Group

Score: 4.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool

APT32

Score: 9.96
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer

Mustang Panda

Score: 7.04
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1560.003 - Archive via Custom Method
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

MuddyWater

Score: 8.10
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Wizard Spider

Score: 7.37
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer

Leviathan

Score: 7.34
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server

Velvet Ant

Score: 3.78
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1570 - Lateral Tool Transfer

FIN7

Score: 13.74
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1674 - Input Injection
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1124 - System Time Discovery

GALLIUM

Score: 8.15
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing

Volt Typhoon

Score: 16.10
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1124 - System Time Discovery

Blue Mockingbird

Score: 3.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Lazarus Group

Score: 16.08
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1560.003 - Archive via Custom Method
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
  • T1124 - System Time Discovery
  • T1529 - System Shutdown/Reboot

Lotus Blossom

Score: 5.54
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1560.003 - Archive via Custom Method
  • T1588.002 - Tool

Sandworm Team

Score: 10.42
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server

Earth Lusca

Score: 14.42
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.004 - Server

Indrik Spider

Score: 6.90
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1584.004 - Server

TA2541

Score: 10.05
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1027.002 - Software Packing

Aquatic Panda

Score: 7.37
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool

APT29

Score: 19.41
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing

OilRig

Score: 6.41
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

FIN6

Score: 5.54
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1560.003 - Archive via Custom Method
  • T1588.002 - Tool

ToddyCat

Score: 3.01
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application

Threat Group-3390

Score: 17.44
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

APT42

Score: 4.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool

Ember Bear

Score: 18.60
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits

Chimera

Score: 9.74
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1124 - System Time Discovery

BlackByte

Score: 10.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1055.012 - Process Hollowing
  • T1570 - Lateral Tool Transfer

FIN13

Score: 6.38
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool

Magic Hound

Score: 9.72
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer

APT41

Score: 9.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing

CopyKittens

Score: 4.00
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1588.002 - Tool

Kimsuky

Score: 23.29
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1598 - Phishing for Information
  • T1027.002 - Software Packing
  • T1588.005 - Exploits

UNC3886

Score: 17.53
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1205.001 - Port Knocking
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1124 - System Time Discovery

BRONZE BUTLER

Score: 11.30
Matched TTPs:
  • T1007 - System Service Discovery
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery

TeamTNT

Score: 4.58
Matched TTPs:
  • T1007 - System Service Discovery
  • T1027.002 - Software Packing

Turla

Score: 13.49
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server
  • T1124 - System Time Discovery

Ke3chang

Score: 4.84
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

admin@338

Score: 4.02
Matched TTPs:
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution

APT1

Score: 5.83
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool

Rocke

Score: 3.52
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1027.002 - Software Packing

APT28

Score: 25.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1137.002 - Office Test
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool

BlackTech

Score: 3.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Sea Turtle

Score: 6.34
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Storm-0501

Score: 10.18
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1556.009 - Conditional Access Policies
  • T1027.002 - Software Packing

Fox Kitten

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services

Agrius

Score: 3.71
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1570 - Lateral Tool Transfer

Winter Vivern

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server

Dragonfly

Score: 11.91
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server

Axiom

Score: 10.02
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1203 - Exploitation for Client Execution
  • T1001.002 - Steganography

Play

Score: 4.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool

HAFNIUM

Score: 8.13
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1550.001 - Application Access Token

APT39

Score: 4.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1027.002 - Software Packing

LuminousMoth

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

LAPSUS$

Score: 5.83
Matched TTPs:
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

Andariel

Score: 3.95
Matched TTPs:
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution

TA505

Score: 5.36
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027.002 - Software Packing

Scattered Spider

Score: 17.94
Matched TTPs:
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1538 - Cloud Service Dashboard

CURIUM

Score: 5.12
Matched TTPs:
  • T1583.003 - Virtual Private Server
  • T1124 - System Time Discovery

Moonstone Sleet

Score: 5.96
Matched TTPs:
  • T1583.003 - Virtual Private Server
  • T1598 - Phishing for Information

Contagious Interview

Score: 5.90
Matched TTPs:
  • T1583.003 - Virtual Private Server
  • T1657 - Financial Theft
  • T1588.002 - Tool

PROMETHIUM

Score: 4.13
Matched TTPs:
  • T1205.001 - Port Knocking

Tonto Team

Score: 4.24
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution

DarkVishnya

Score: 5.39
Matched TTPs:
  • T1588.002 - Tool
  • T1200 - Hardware Additions

BITTER

Score: 5.96
Matched TTPs:
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Storm-1811

Score: 3.08
Matched TTPs:
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer

Patchwork

Score: 7.55
Matched TTPs:
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

FIN10

Score: 3.08
Matched TTPs:
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer

Aoqin Dragon

Score: 6.63
Matched TTPs:
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing

APT38

Score: 11.06
Matched TTPs:
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1036.006 - Space after Filename
  • T1529 - System Shutdown/Reboot

Gorgon Group

Score: 4.00
Matched TTPs:
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing

Tropic Trooper

Score: 5.12
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Sidewinder

Score: 4.09
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery

Saint Bear

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

The White Company

Score: 6.14
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1124 - System Time Discovery

Higaisa

Score: 4.09
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery

APT37

Score: 5.12
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot

APT3

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Elderwood

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Darkhotel

Score: 4.09
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery

ZIRCONIUM

Score: 8.08
Matched TTPs:
  • T1598 - Phishing for Information
  • T1027.002 - Software Packing
  • T1124 - System Time Discovery

Threat actors related to this Pulse (inference-based)

Medusa Group

Score: 0.80
Matched TTPs:
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1608.002 - Upload Tool
  • T1047 - Windows Management Instrumentation
  • T1027.002 - Software Packing
  • T1190 - Exploit Public-Facing Application
  • T1650 - Acquire Access
  • T1529 - System Shutdown/Reboot

APT28

Score: 0.80
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1598 - Phishing for Information
  • T1203 - Exploitation for Client Execution
  • T1588.002 - Tool
  • T1669 - Wi-Fi Networks
  • T1583.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1550.001 - Application Access Token
  • T1137.002 - Office Test

Kimsuky

Score: 0.72
Matched TTPs:
  • T1657 - Financial Theft
  • T1598 - Phishing for Information
  • T1588.002 - Tool
  • T1560.003 - Archive via Custom Method
  • T1027.002 - Software Packing
  • T1055.012 - Process Hollowing
  • T1588.005 - Exploits
  • T1190 - Exploit Public-Facing Application
  • T1007 - System Service Discovery

APT29

Score: 0.61
Matched TTPs:
  • T1651 - Cloud Administration Command
  • T1203 - Exploitation for Client Execution
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1047 - Windows Management Instrumentation
  • T1027.002 - Software Packing
  • T1190 - Exploit Public-Facing Application
  • T1573 - Encrypted Channel

Scattered Spider

Score: 0.61
Matched TTPs:
  • T1657 - Financial Theft
  • T1598 - Phishing for Information
  • T1588.002 - Tool
  • T1556.009 - Conditional Access Policies
  • T1588.001 - Malware
  • T1538 - Cloud Service Dashboard

UNC3886

Score: 0.59
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1205.001 - Port Knocking
  • T1560.003 - Archive via Custom Method
  • T1570 - Lateral Tool Transfer
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1124 - System Time Discovery

Threat Group-3390

Score: 0.58
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1588.002 - Tool
  • T1608.002 - Upload Tool
  • T1047 - Windows Management Instrumentation
  • T1027.002 - Software Packing
  • T1055.012 - Process Hollowing
  • T1190 - Exploit Public-Facing Application

Ember Bear

Score: 0.58
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1047 - Windows Management Instrumentation
  • T1583.003 - Virtual Private Server
  • T1588.005 - Exploits
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

