Skip to content

Hide Navigation Hide TOC

Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)

Prestige ransomware has been used by Sandworm Team since at least March 2022, including against transportation and related logistics industries in Ukraine and Poland in October 2022.(Citation: Microsoft Prestige ransomware October 2022)

Cluster A Galaxy A Cluster B Galaxy B Level
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 2