Trusted Design

Microsoft Windows & Samba spoofing authenticated users "Badlock"

概要

An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect the RPC channel adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel. An attacker who successfully exploited this vulnerability could gain access to the SAM database. To exploit the vulnerability, an attacker could launch a man-in-the-middle (MiTM) attack, force a downgrade of the authentication level of the RPC channel, and then impersonate an authenticated user.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Cisco default credentials - again! (score: 0.46)
Unknown Brute force windows logon attack 173.194.132.77 (score: 0.44)
Synology NAS servers contain insecure default credentials (score: 0.42)
MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks (score: 0.38)
Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging (score: 0.37)

このPulseに関連する脅威アクター (事実ベース)

APT38

Score: 5.14

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1027.007 - Dynamic API Resolution

MITREへのリンク →

MuddyWater

Score: 7.55

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1178 - SID-History Injection
T1087.004 - Cloud Account

MITREへのリンク →

Cobalt Group

Score: 4.39

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1622 - Debugger Evasion

MITREへのリンク →

Earth Lusca

Score: 6.37

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Threat Group-3390

Score: 10.16

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1178 - SID-History Injection
T1157 - Dylib Hijacking
T1001 - Data Obfuscation

MITREへのリンク →

Patchwork

Score: 7.55

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1001 - Data Obfuscation
T1622 - Debugger Evasion

MITREへのリンク →

Medusa Group

Score: 8.22

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT29

Score: 9.67

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1178 - SID-History Injection
T1157 - Dylib Hijacking
T1490 - Inhibit System Recovery

MITREへのリンク →

OilRig

Score: 14.78

Matched TTPs:

T1178 - SID-History Injection
T1157 - Dylib Hijacking
T1055.012 - Process Hollowing
T1166 - Setuid and Setgid
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

APT33

Score: 7.00

Matched TTPs:

T1178 - SID-History Injection
T1157 - Dylib Hijacking
T1556 - Modify Authentication Process

MITREへのリンク →

menuPass

Score: 9.06

Matched TTPs:

T1178 - SID-History Injection
T1157 - Dylib Hijacking
T1001 - Data Obfuscation
T1622 - Debugger Evasion

MITREへのリンク →

Dragonfly

Score: 16.81

Matched TTPs:

T1178 - SID-History Injection
T1536 - Revert Cloud Instance
T1157 - Dylib Hijacking
T1531 - Account Access Removal
T1578.002 - Create Cloud Instance
T1622 - Debugger Evasion

MITREへのリンク →

Ember Bear

Score: 10.41

Matched TTPs:

T1178 - SID-History Injection
T1656 - Impersonation
T1003.003 - NTDS

MITREへのリンク →

Ke3chang

Score: 10.56

Matched TTPs:

T1178 - SID-History Injection
T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Sandworm Team

Score: 11.46

Matched TTPs:

T1686.003 - Windows Host Firewall
T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1166 - Setuid and Setgid

MITREへのリンク →

Volt Typhoon

Score: 9.20

Matched TTPs:

T1686.003 - Windows Host Firewall
T1157 - Dylib Hijacking
T1166 - Setuid and Setgid
T1622 - Debugger Evasion

MITREへのリンク →

Storm-0501

Score: 7.47

Matched TTPs:

T1686.003 - Windows Host Firewall
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT41

Score: 10.56

Matched TTPs:

T1536 - Revert Cloud Instance
T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT3

Score: 14.62

Matched TTPs:

T1536 - Revert Cloud Instance
T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1166 - Setuid and Setgid
T1578.002 - Create Cloud Instance
T1622 - Debugger Evasion

MITREへのリンク →

Magic Hound

Score: 13.99

Matched TTPs:

T1536 - Revert Cloud Instance
T1166 - Setuid and Setgid
T1578.002 - Create Cloud Instance
T1622 - Debugger Evasion
T1053.002 - At

MITREへのリンク →

APT5

Score: 7.09

Matched TTPs:

T1536 - Revert Cloud Instance
T1166 - Setuid and Setgid
T1622 - Debugger Evasion

MITREへのリンク →

FIN13

Score: 13.94

Matched TTPs:

T1536 - Revert Cloud Instance
T1032 - Standard Cryptographic Protocol
T1622 - Debugger Evasion
T1105 - Ingress Tool Transfer
T1686.001 - Cloud Firewall

MITREへのリンク →

Kimsuky

Score: 23.45

Matched TTPs:

T1536 - Revert Cloud Instance
T1087.004 - Cloud Account
T1001 - Data Obfuscation
T1656 - Impersonation
T1622 - Debugger Evasion
T1003.003 - NTDS
T1053.002 - At
T1490 - Inhibit System Recovery

MITREへのリンク →

Threat Group-1314

Score: 4.22

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1166 - Setuid and Setgid

MITREへのリンク →

Aquatic Panda

Score: 5.87

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1166 - Setuid and Setgid
T1622 - Debugger Evasion

MITREへのリンク →

Wizard Spider

Score: 14.41

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1166 - Setuid and Setgid
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process

MITREへのリンク →

Turla

Score: 8.45

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1055.012 - Process Hollowing
T1490 - Inhibit System Recovery

MITREへのリンク →

Chimera

Score: 20.05

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1055.012 - Process Hollowing
T1166 - Setuid and Setgid
T1059.003 - Windows Command Shell
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Fox Kitten

Score: 8.45

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1656 - Impersonation
T1622 - Debugger Evasion

MITREへのリンク →

Play

Score: 8.31

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1166 - Setuid and Setgid
T1490 - Inhibit System Recovery

MITREへのリンク →

ToddyCat

Score: 4.22

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1166 - Setuid and Setgid

MITREへのリンク →

FIN8

Score: 7.75

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

Blue Mockingbird

Score: 5.98

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT32

Score: 14.38

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

Cinnamon Tempest

Score: 5.65

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1166 - Setuid and Setgid

MITREへのリンク →

BlackByte

Score: 14.82

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1001 - Data Obfuscation
T1166 - Setuid and Setgid
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Velvet Ant

Score: 11.13

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1027.007 - Dynamic API Resolution
T1490 - Inhibit System Recovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 16.24

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1567.002 - Exfiltration to Cloud Storage
T1622 - Debugger Evasion
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

APT39

Score: 9.38

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT28

Score: 23.37

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1564.004 - NTFS File Attributes
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 5.56

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1578.002 - Create Cloud Instance

MITREへのリンク →

Mustang Panda

Score: 19.39

Matched TTPs:

T1136.001 - Local Account
T1087.004 - Cloud Account
T1567.002 - Exfiltration to Cloud Storage
T1105 - Ingress Tool Transfer
T1564.001 - Hidden Files and Directories
T1556 - Modify Authentication Process

MITREへのリンク →

Scattered Spider

Score: 14.12

Matched TTPs:

T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1027.005 - Indicator Removal from Tools
T1027.002 - Software Packing
T1622 - Debugger Evasion

MITREへのリンク →

LuminousMoth

Score: 4.64

Matched TTPs:

T1087.004 - Cloud Account
T1105 - Ingress Tool Transfer

MITREへのリンク →

GALLIUM

Score: 3.40

Matched TTPs:

T1087.004 - Cloud Account
T1157 - Dylib Hijacking

MITREへのリンク →

Higaisa

Score: 5.82

Matched TTPs:

T1087.004 - Cloud Account
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Contagious Interview

Score: 8.16

Matched TTPs:

T1087.004 - Cloud Account
T1656 - Impersonation
T1556 - Modify Authentication Process

MITREへのリンク →

Agrius

Score: 5.91

Matched TTPs:

T1087.004 - Cloud Account
T1166 - Setuid and Setgid
T1622 - Debugger Evasion

MITREへのリンク →

Leviathan

Score: 5.05

Matched TTPs:

T1087.004 - Cloud Account
T1157 - Dylib Hijacking
T1622 - Debugger Evasion

MITREへのリンク →

UNC3886

Score: 5.96

Matched TTPs:

T1606 - Forge Web Credentials
T1157 - Dylib Hijacking

MITREへのリンク →

FIN7

Score: 10.80

Matched TTPs:

T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1490 - Inhibit System Recovery

MITREへのリンク →

Akira

Score: 7.20

Matched TTPs:

T1157 - Dylib Hijacking
T1601 - Modify System Image
T1622 - Debugger Evasion

MITREへのリンク →

LAPSUS$

Score: 9.18

Matched TTPs:

T1157 - Dylib Hijacking
T1601 - Modify System Image
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Axiom

Score: 12.15

Matched TTPs:

T1157 - Dylib Hijacking
T1189 - Drive-by Compromise
T1622 - Debugger Evasion
T1160 - Launch Daemon

MITREへのリンク →

Indrik Spider

Score: 5.36

Matched TTPs:

T1157 - Dylib Hijacking
T1166 - Setuid and Setgid
T1622 - Debugger Evasion

MITREへのリンク →

Silence

Score: 5.47

Matched TTPs:

T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN10

Score: 5.74

Matched TTPs:

T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1490 - Inhibit System Recovery

MITREへのリンク →

INC Ransom

Score: 5.47

Matched TTPs:

T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN6

Score: 8.22

Matched TTPs:

T1157 - Dylib Hijacking
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process

MITREへのリンク →

Sea Turtle

Score: 4.09

Matched TTPs:

T1157 - Dylib Hijacking
T1490 - Inhibit System Recovery

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

DarkHydrus

Score: 4.13

Matched TTPs:

T1531 - Account Access Removal

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1656 - Impersonation

MITREへのリンク →

APT1

Score: 4.93

Matched TTPs:

T1622 - Debugger Evasion
T1053.002 - At

MITREへのリンク →

Tropic Trooper

Score: 5.33

Matched TTPs:

T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Transparent Tribe

Score: 5.95

Matched TTPs:

T1105 - Ingress Tool Transfer
T1053.002 - At

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

SideCopy

Score: 3.29

Matched TTPs:

T1053.002 - At

MITREへのリンク →

Mustard Tempest

Score: 3.29

Matched TTPs:

T1053.002 - At

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.75

Matched TTPs:

T1003.003 - NTDS
T1490 - Inhibit System Recovery
T1001 - Data Obfuscation
T1656 - Impersonation
T1087.004 - Cloud Account
T1622 - Debugger Evasion
T1053.002 - At
T1536 - Revert Cloud Instance

MITREへのリンク →

APT28

Score: 0.74

Matched TTPs:

T1564.004 - NTFS File Attributes
T1055.008 - Ptrace System Calls
T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1566.003 - Spearphishing via Service
T1546.007 - Netsh Helper DLL
T1105 - Ingress Tool Transfer

MITREへのリンク →

Chimera

Score: 0.63

Matched TTPs:

T1622 - Debugger Evasion
T1059.003 - Windows Command Shell
T1027.007 - Dynamic API Resolution
T1055.012 - Process Hollowing
T1032 - Standard Cryptographic Protocol
T1157 - Dylib Hijacking
T1087.004 - Cloud Account
T1166 - Setuid and Setgid

MITREへのリンク →

Mustang Panda

Score: 0.62

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1567.002 - Exfiltration to Cloud Storage
T1087.004 - Cloud Account
T1136.001 - Local Account
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る