Trusted Design

The MeDoc Connection

概要

The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the attack. The investigation found a supply chain-focused attack at M.E.Doc software that delivered a destructive payload disguised as ransomware. By utilizing stolen credentials, the actor was able to manipulate the update server for M.E.Doc to proxy connections to an actor-controlled server. Based on the findings, Talos remains confident that the attack was destructive in nature. The effects were broad reaching, with Ukraine Cyber police confirming over 2000 affected companies in Ukraine alone.

Created: 2026-02-23

Indicators

類似Pulses

Malicious Code Analysis on Ukraine's Power Grid Incident (score: 0.61)
Fidelis Threat Advisory #1017: Phishing in Plain Sight (score: 0.59)
WanaCrypt0r Ransomworm (score: 0.59)
SAMSAM: THE DOCTOR WILL SEE YOU, AFTER HE PAYS THE RANSOM (score: 0.59)
FBI Flash MC-000070-MW (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 14.95

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1102.001 - Dead Drop Resolver
T1078.003 - Local Accounts

MITREへのリンク →

Sea Turtle

Score: 9.92

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1078.003 - Local Accounts

MITREへのリンク →

Ember Bear

Score: 14.94

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1588.001 - Malware

MITREへのリンク →

Indrik Spider

Score: 5.37

Matched TTPs:

T1583 - Acquire Infrastructure
T1486 - Data Encrypted for Impact

MITREへのリンク →

Agrius

Score: 4.50

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Contagious Interview

Score: 11.66

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1657 - Financial Theft

MITREへのリンク →

Sandworm Team

Score: 27.01

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1591.002 - Business Relationships
T1584.005 - Botnet
T1199 - Trusted Relationship
T1486 - Data Encrypted for Impact

MITREへのリンク →

Star Blizzard

Score: 5.01

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware

MITREへのリンク →

TA2541

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Earth Lusca

Score: 5.90

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1588.001 - Malware

MITREへのリンク →

LuminousMoth

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

OilRig

Score: 9.44

Matched TTPs:

T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1555.004 - Windows Credential Manager

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Threat Group-3390

Score: 6.19

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship

MITREへのリンク →

TA505

Score: 6.77

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1486 - Data Encrypted for Impact

MITREへのリンク →

BlackByte

Score: 8.18

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1486 - Data Encrypted for Impact
T1569.002 - Service Execution

MITREへのリンク →

APT32

Score: 7.04

Matched TTPs:

T1608.001 - Upload Malware
T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

Moonstone Sleet

Score: 6.71

Matched TTPs:

T1608.001 - Upload Malware
T1486 - Data Encrypted for Impact
T1569.002 - Service Execution

MITREへのリンク →

FIN7

Score: 10.85

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1486 - Data Encrypted for Impact
T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

Rocke

Score: 4.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Volt Typhoon

Score: 5.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet

MITREへのリンク →

APT28

Score: 12.89

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1092 - Communication Through Removable Media
T1199 - Trusted Relationship
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

BackdoorDiplomacy

Score: 3.93

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.001 - Malware

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship

MITREへのリンク →

FIN13

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft

MITREへのリンク →

Magic Hound

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1486 - Data Encrypted for Impact

MITREへのリンク →

Medusa Group

Score: 13.27

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1486 - Data Encrypted for Impact
T1650 - Acquire Access
T1569.002 - Service Execution

MITREへのリンク →

Storm-0501

Score: 6.33

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1486 - Data Encrypted for Impact

MITREへのリンク →

Cinnamon Tempest

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft

MITREへのリンク →

Ke3chang

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1569.002 - Service Execution

MITREへのリンク →

menuPass

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship

MITREへのリンク →

Blue Mockingbird

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1569.002 - Service Execution

MITREへのリンク →

APT29

Score: 6.88

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1199 - Trusted Relationship
T1078.003 - Local Accounts

MITREへのリンク →

INC Ransom

Score: 8.73

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1486 - Data Encrypted for Impact
T1569.002 - Service Execution

MITREへのリンク →

UNC3886

Score: 8.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1588.001 - Malware

MITREへのリンク →

Dragonfly

Score: 5.31

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1591.002 - Business Relationships

MITREへのリンク →

Axiom

Score: 9.63

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1001.002 - Steganography

MITREへのリンク →

APT41

Score: 9.49

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1486 - Data Encrypted for Impact
T1569.002 - Service Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Play

Score: 6.66

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1078.003 - Local Accounts

MITREへのリンク →

HAFNIUM

Score: 14.35

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1199 - Trusted Relationship
T1098 - Account Manipulation
T1078.003 - Local Accounts

MITREへのリンク →

APT39

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1569.002 - Service Execution

MITREへのリンク →

LAPSUS$

Score: 9.05

Matched TTPs:

T1591.002 - Business Relationships
T1588.001 - Malware
T1199 - Trusted Relationship

MITREへのリンク →

Turla

Score: 8.75

Matched TTPs:

T1588.001 - Malware
T1555.004 - Windows Credential Manager
T1078.003 - Local Accounts

MITREへのリンク →

Scattered Spider

Score: 11.17

Matched TTPs:

T1588.001 - Malware
T1657 - Financial Theft
T1098 - Account Manipulation
T1486 - Data Encrypted for Impact

MITREへのリンク →

Akira

Score: 4.86

Matched TTPs:

T1657 - Financial Theft
T1486 - Data Encrypted for Impact

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1657 - Financial Theft
T1486 - Data Encrypted for Impact

MITREへのリンク →

Lazarus Group

Score: 3.84

Matched TTPs:

T1098 - Account Manipulation

MITREへのリンク →

APT38

Score: 4.74

Matched TTPs:

T1486 - Data Encrypted for Impact
T1569.002 - Service Execution

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Wizard Spider

Score: 6.02

Matched TTPs:

T1555.004 - Windows Credential Manager
T1569.002 - Service Execution

MITREへのリンク →

Velvet Ant

Score: 9.20

Matched TTPs:

T1569.002 - Service Execution
T1078.003 - Local Accounts
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

BRONZE BUTLER

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

Patchwork

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.83

Matched TTPs:

T1195 - Supply Chain Compromise
T1608.001 - Upload Malware
T1486 - Data Encrypted for Impact
T1584.005 - Botnet
T1491.002 - External Defacement
T1591.002 - Business Relationships
T1199 - Trusted Relationship
T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る