Trusted Design

Microsoft Windows & Samba spoofing authenticated users "Badlock"

概要

An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect the RPC channel adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel. An attacker who successfully exploited this vulnerability could gain access to the SAM database. To exploit the vulnerability, an attacker could launch a man-in-the-middle (MiTM) attack, force a downgrade of the authentication level of the RPC channel, and then impersonate an authenticated user.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Cisco default credentials - again! (score: 0.46)
Unknown Brute force windows logon attack 173.194.132.77 (score: 0.44)
Synology NAS servers contain insecure default credentials (score: 0.42)
MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks (score: 0.38)
Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging (score: 0.37)

このPulseに関連する脅威アクター (事実ベース)

APT38

Score: 5.14

Matched TTPs:

T1548.002 - Bypass User Account Control
T1569.002 - Service Execution

MITREへのリンク →

MuddyWater

Score: 7.55

Matched TTPs:

T1548.002 - Bypass User Account Control
T1003.004 - LSA Secrets
T1041 - Exfiltration Over C2 Channel

MITREへのリンク →

Cobalt Group

Score: 4.39

Matched TTPs:

T1548.002 - Bypass User Account Control
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Earth Lusca

Score: 6.37

Matched TTPs:

T1548.002 - Bypass User Account Control
T1003.006 - DCSync

MITREへのリンク →

Threat Group-3390

Score: 10.16

Matched TTPs:

T1548.002 - Bypass User Account Control
T1003.004 - LSA Secrets
T1078 - Valid Accounts
T1055.012 - Process Hollowing

MITREへのリンク →

Patchwork

Score: 7.55

Matched TTPs:

T1548.002 - Bypass User Account Control
T1055.012 - Process Hollowing
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Medusa Group

Score: 8.22

Matched TTPs:

T1548.002 - Bypass User Account Control
T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

APT29

Score: 9.67

Matched TTPs:

T1548.002 - Bypass User Account Control
T1003.004 - LSA Secrets
T1078 - Valid Accounts
T1078.003 - Local Accounts

MITREへのリンク →

OilRig

Score: 14.78

Matched TTPs:

T1003.004 - LSA Secrets
T1078 - Valid Accounts
T1201 - Password Policy Discovery
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT33

Score: 7.00

Matched TTPs:

T1003.004 - LSA Secrets
T1078 - Valid Accounts
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

menuPass

Score: 9.06

Matched TTPs:

T1003.004 - LSA Secrets
T1078 - Valid Accounts
T1055.012 - Process Hollowing
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Dragonfly

Score: 16.81

Matched TTPs:

T1003.004 - LSA Secrets
T1098.007 - Additional Local or Domain Groups
T1078 - Valid Accounts
T1187 - Forced Authentication
T1036.010 - Masquerade Account Name
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Ember Bear

Score: 10.41

Matched TTPs:

T1003.004 - LSA Secrets
T1585 - Establish Accounts
T1588.005 - Exploits

MITREへのリンク →

Ke3chang

Score: 10.56

Matched TTPs:

T1003.004 - LSA Secrets
T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1569.002 - Service Execution

MITREへのリンク →

Sandworm Team

Score: 11.46

Matched TTPs:

T1588.006 - Vulnerabilities
T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1078.002 - Domain Accounts

MITREへのリンク →

Volt Typhoon

Score: 9.20

Matched TTPs:

T1588.006 - Vulnerabilities
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Storm-0501

Score: 7.47

Matched TTPs:

T1588.006 - Vulnerabilities
T1003.006 - DCSync

MITREへのリンク →

APT41

Score: 10.56

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1021.002 - SMB/Windows Admin Shares
T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

APT3

Score: 14.62

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078.002 - Domain Accounts
T1036.010 - Masquerade Account Name
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Magic Hound

Score: 13.99

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1078.002 - Domain Accounts
T1036.010 - Masquerade Account Name
T1021.001 - Remote Desktop Protocol
T1584.001 - Domains

MITREへのリンク →

APT5

Score: 7.09

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN13

Score: 13.94

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1021.002 - SMB/Windows Admin Shares
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories
T1556 - Modify Authentication Process

MITREへのリンク →

Kimsuky

Score: 23.45

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1041 - Exfiltration Over C2 Channel
T1055.012 - Process Hollowing
T1585 - Establish Accounts
T1021.001 - Remote Desktop Protocol
T1588.005 - Exploits
T1584.001 - Domains
T1078.003 - Local Accounts

MITREへのリンク →

Threat Group-1314

Score: 4.22

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078.002 - Domain Accounts

MITREへのリンク →

Aquatic Panda

Score: 5.87

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Wizard Spider

Score: 14.41

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Turla

Score: 8.45

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1201 - Password Policy Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Chimera

Score: 20.05

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1201 - Password Policy Discovery
T1078.002 - Domain Accounts
T1556.001 - Domain Controller Authentication
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Fox Kitten

Score: 8.45

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078 - Valid Accounts
T1585 - Establish Accounts
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Play

Score: 8.31

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1078.003 - Local Accounts

MITREへのリンク →

ToddyCat

Score: 4.22

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078.002 - Domain Accounts

MITREへのリンク →

FIN8

Score: 7.75

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Blue Mockingbird

Score: 5.98

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

APT32

Score: 14.38

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1564.001 - Hidden Files and Directories
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1078.003 - Local Accounts

MITREへのリンク →

Cinnamon Tempest

Score: 5.65

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078 - Valid Accounts
T1078.002 - Domain Accounts

MITREへのリンク →

BlackByte

Score: 14.82

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1055.012 - Process Hollowing
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Velvet Ant

Score: 11.13

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1569.002 - Service Execution
T1078.003 - Local Accounts
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Lazarus Group

Score: 16.24

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1001.003 - Protocol or Service Impersonation
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT39

Score: 9.38

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

APT28

Score: 23.37

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1078 - Valid Accounts
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1001.001 - Junk Data
T1669 - Wi-Fi Networks
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Storm-1811

Score: 5.56

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1036.010 - Masquerade Account Name

MITREへのリンク →

Mustang Panda

Score: 19.39

Matched TTPs:

T1176.002 - IDE Extensions
T1041 - Exfiltration Over C2 Channel
T1001.003 - Protocol or Service Impersonation
T1564.001 - Hidden Files and Directories
T1003.006 - DCSync
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Scattered Spider

Score: 14.12

Matched TTPs:

T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1556.006 - Multi-Factor Authentication
T1538 - Cloud Service Dashboard
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

LuminousMoth

Score: 4.64

Matched TTPs:

T1041 - Exfiltration Over C2 Channel
T1564.001 - Hidden Files and Directories

MITREへのリンク →

GALLIUM

Score: 3.40

Matched TTPs:

T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts

MITREへのリンク →

Higaisa

Score: 5.82

Matched TTPs:

T1041 - Exfiltration Over C2 Channel
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Contagious Interview

Score: 8.16

Matched TTPs:

T1041 - Exfiltration Over C2 Channel
T1585 - Establish Accounts
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Agrius

Score: 5.91

Matched TTPs:

T1041 - Exfiltration Over C2 Channel
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Leviathan

Score: 5.05

Matched TTPs:

T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

UNC3886

Score: 5.96

Matched TTPs:

T1212 - Exploitation for Credential Access
T1078 - Valid Accounts

MITREへのリンク →

FIN7

Score: 10.80

Matched TTPs:

T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories
T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

Akira

Score: 7.20

Matched TTPs:

T1078 - Valid Accounts
T1531 - Account Access Removal
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

LAPSUS$

Score: 9.18

Matched TTPs:

T1078 - Valid Accounts
T1531 - Account Access Removal
T1003.006 - DCSync

MITREへのリンク →

Axiom

Score: 12.15

Matched TTPs:

T1078 - Valid Accounts
T1563.002 - RDP Hijacking
T1021.001 - Remote Desktop Protocol
T1001.002 - Steganography

MITREへのリンク →

Indrik Spider

Score: 5.36

Matched TTPs:

T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Silence

Score: 5.47

Matched TTPs:

T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

FIN10

Score: 5.74

Matched TTPs:

T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1078.003 - Local Accounts

MITREへのリンク →

INC Ransom

Score: 5.47

Matched TTPs:

T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

FIN6

Score: 8.22

Matched TTPs:

T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Sea Turtle

Score: 4.09

Matched TTPs:

T1078 - Valid Accounts
T1078.003 - Local Accounts

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

DarkHydrus

Score: 4.13

Matched TTPs:

T1187 - Forced Authentication

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1585 - Establish Accounts

MITREへのリンク →

APT1

Score: 4.93

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1584.001 - Domains

MITREへのリンク →

Tropic Trooper

Score: 5.33

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

Transparent Tribe

Score: 5.95

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1584.001 - Domains

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

SideCopy

Score: 3.29

Matched TTPs:

T1584.001 - Domains

MITREへのリンク →

Mustard Tempest

Score: 3.29

Matched TTPs:

T1584.001 - Domains

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.75

Matched TTPs:

T1055.012 - Process Hollowing
T1021.001 - Remote Desktop Protocol
T1588.005 - Exploits
T1584.001 - Domains
T1041 - Exfiltration Over C2 Channel
T1098.007 - Additional Local or Domain Groups
T1078.003 - Local Accounts
T1585 - Establish Accounts

MITREへのリンク →

APT28

Score: 0.74

Matched TTPs:

T1021.002 - SMB/Windows Admin Shares
T1001.001 - Junk Data
T1078 - Valid Accounts
T1669 - Wi-Fi Networks
T1550.001 - Application Access Token
T1564.001 - Hidden Files and Directories
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Chimera

Score: 0.63

Matched TTPs:

T1569.002 - Service Execution
T1556.001 - Domain Controller Authentication
T1021.002 - SMB/Windows Admin Shares
T1201 - Password Policy Discovery
T1078 - Valid Accounts
T1021.001 - Remote Desktop Protocol
T1041 - Exfiltration Over C2 Channel
T1078.002 - Domain Accounts

MITREへのリンク →

Mustang Panda

Score: 0.62

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1001.003 - Protocol or Service Impersonation
T1176.002 - IDE Extensions
T1041 - Exfiltration Over C2 Channel
T1003.006 - DCSync
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る