Conti

Malware updated 14 hours ago (2024-10-17T12:01:45.355Z)
Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware operation was linked to several cybercriminal groups, including ITG23, which used Conti in conjunction with other malware like Trickbot and BazarLoader. The BlackByte group, known for its ransomware-as-a-service (RaaS) operations, has been tied to Conti as well. Additionally, the Conti operation spun off multiple subgroups under different names, such as Royal, which targeted various sectors including manufacturing, communications, education, and healthcare.
The downfall of the Conti operation began in 2022 when the leaders decided to support Russian President Vladimir Putin's war against Ukraine, leading to a significant drop in incoming ransom payments. Before shutting down, Conti had diversified its operations, with offshoots like the Russian-speaking BlackSuit and the DragonForce gang, which utilized modified versions of LockBit and Conti ransomware in their attacks. Despite its shutdown, Conti's influence continued to be felt in the cybersecurity landscape. For instance, the BlackByte group, believed to be a spin-off from Conti, exploited a recently disclosed VMware ESXi vulnerability to gain control over virtual machines and escalate privileges within compromised environments.
In terms of law enforcement actions against Conti, Ukrainian Police arrested a hacker who developed a crypter used by both the Conti and LockBit ransomware operations. This individual was directly involved in at least one attack using the Conti ransomware in 2021. In April 2024, another criminal who developed a packer allegedly used by the Conti and LockBit groups to evade antivirus detection was arrested in Kyiv.
According to leaked internal communications, Conti operated much like a regular business, with approximately 200 employees. The FBI identified a cluster of crypto addresses that received some ransoms paid to the group, including half of the first known Conti victim ransom payment in June 2020.
Description last updated: 2024-10-17T11:54:04.774Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Ryuk is a possible alias for Conti. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves
10
Black Basta is a possible alias for Conti. Black Basta is a notorious malware and ransomware group known for its high-profile attacks on various sectors. The group, also known as Storm-0506, has been active since at least early 2022 and has accumulated over $107 million in Bitcoin ransom payments. It deploys malicious software to exploit vul
9
Blacksuit is a possible alias for Conti. BlackSuit is a malicious software (malware) that has been causing significant harm in the digital world. It infiltrates systems through dubious downloads, emails, or websites, and once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom. BlackSuit malware, which i
7
Akira is a possible alias for Conti. Akira is a notorious malware, specifically a ransomware, that has been active since April 2023. It utilizes dual extortion tactics to compromise various industries, as outlined in a technical analysis shared by cybersecurity researchers. The ransomware's modus operandi includes stealing sensitive da
6
Lockbit Green is a possible alias for Conti. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro
6
Monti is a possible alias for Conti. Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing persona
5
Blackbasta is a possible alias for Conti. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation
5
Zeon is a possible alias for Conti. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B
4
Blackbyte is a possible alias for Conti. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. This
4
AvosLocker is a possible alias for Conti. AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal info
3
Bl00dy is a possible alias for Conti. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
3
Gazprom is a possible alias for Conti. Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further c
2
ITG23 is a possible alias for Conti. ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be
2
EXOTIC LILY is a possible alias for Conti. Exotic Lily, an initial access broker (IAB), has been active since at least September 2021. The entity conducts highly sophisticated phishing campaigns to gain initial access to organizations and then sells this access to other threat actors, including ransomware groups. A notable example of their m
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Ransom
Cybercrime
RaaS
Encryption
Botnet
Russia
Loader
Antivirus
Windows
Locker
Exploit
Trojan
Cobalt Strike
russian
Extortion
Vulnerability
Clop
Source
Phishing
Backdoor
Crypter
Data Leak
Esxi
Linux
Police
Bitcoin
Exploits
Encrypt
Fraud
Health
Lateral Move...
CISA
Downloader
Crypting
exploited
Uk
Kaspersky
Tool
Macos
Apt
Beacon
Payload
Ukraine
Proxy
Associated Malware
Alias Description | Association Type | Votes
The Lockbit Malware is associated with Conti. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat
is related to
16
The TrickBot Malware is associated with Conti. TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea
Unspecified
12
The REvil Malware is associated with Conti. REvil is a notorious malware, specifically a type of ransomware, that gained prominence in the cybercrime world as part of the Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, establishing relationships between first-stage malwares and subsequent ransomware attac
Unspecified
9
The Hive Malware is associated with Conti. Hive is a malicious software (malware) known for its ransomware capabilities, which has been highly active in numerous countries, including the US. This malware infects systems often through suspicious downloads, emails, or websites, disrupting operations and stealing personal information. Notably,
Unspecified
7
The Royal Ransomware Malware is associated with Conti. The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious
is related to
7
The Emotet Malware is associated with Conti. Emotet is a particularly dangerous and insidious type of malware that has reemerged as a significant threat. This malicious software, which infects systems through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or even hold data for ransom. Emotet-infe
Unspecified
6
The QakBot Malware is associated with Conti. Qakbot is a potent piece of malware, or malicious software, that infiltrates computer systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This malware, built by various groups includin
Unspecified
5
The Babuk Malware is associated with Conti. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio
Unspecified
5
The Domino Malware is associated with Conti. Domino is a malicious software (malware) that has been causing significant disruption and harm in recent times. The malware was first identified when it infiltrated the IBM Domino Server, a platform used widely for hosting critical applications and services. Despite security measures such as ESET Ma
Unspecified
5
The Bazarloader Malware is associated with Conti. BazarLoader is a form of malware that has been utilized extensively by ITG23, a cybercriminal group. This harmful software infiltrates systems via suspicious downloads, emails, or websites, potentially stealing personal information, disrupting operations, or holding data for ransom. ITG23 has used B
Unspecified
4
The Karakurt Malware is associated with Conti. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a
Unspecified
4
The Maze Malware is associated with Conti. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release
Unspecified
3
The Egregor Malware is associated with Conti. Egregor is a malicious software variant of the Sekhmet ransomware that operates on a Ransomware-as-a-Service (RaaS) model. It is speculated to be associated with former Maze affiliates, and is notorious for its double extortion tactics, which involve not only encrypting the victim's data but also pu
Unspecified
3
The Anchor Malware is associated with Conti. Anchor is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites, and can lead to theft of personal information, disruption of operations, or even ransom attacks on data. Anchor has been
Unspecified
3
The Bumblebee Malware is associated with Conti. Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam
has used
3
The RTM Malware is associated with Conti. RTM is a malicious software, first reported as the RTM banking Trojan, that was initially detected by vendors such as Symantec and Microsoft in 2017. This malware operates on Windows 7 RTM (7600) and was later updated to a variant known as Redaman. The leaked source code of RTM has been utilized to
Unspecified
3
The malware Conti, Lockbit is associated with Conti.
Unspecified
3
The Diavol Malware is associated with Conti. Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt ope
Unspecified
3
The IcedID Malware is associated with Conti. IcedID is a type of malware, malicious software designed to exploit and damage computer systems. It has been identified in association with various other malwares such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, and Pikabot. The IcedID IntBot Loader (int-bot.dll) is
Unspecified
3
The Lockbit Black Malware is associated with Conti. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands
Unspecified
3
The Bazarbackdoor Malware is associated with Conti. BazarBackdoor is a type of malware developed by ITG23, first identified in April 2020. It is commonly distributed via contact forms on corporate websites, bypassing regular phishing emails, which makes it harder to detect. The malware is often associated with BazarLoader, both of which were used ext
Unspecified
3
The Nokoyawa Malware is associated with Conti. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStri
is related to
3
The Qbot Malware is associated with Conti. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi
Unspecified
3
The Ragnar Locker Malware is associated with Conti. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans
Unspecified
3
The Bazaloader Malware is associated with Conti. BazaLoader is a type of malware, malicious software designed to infiltrate and damage computer systems, often without the user's knowledge. It is typically distributed through suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operations,
Unspecified
2
The HELLOKITTY Malware is associated with Conti. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
Unspecified
2
The Conti Encryptor Malware is associated with Conti. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s
Unspecified
2
The Brute Ratel Malware is associated with Conti. Brute Ratel is a malicious software (malware) that has been increasingly used by cyber threat actors to exploit and damage computer systems. It is often delivered through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, Brute Ratel can s
Unspecified
2
The Lockbit Red Malware is associated with Conti. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per
Unspecified
2
The Cobalt Strike Beacon Malware is associated with Conti. Cobalt Strike Beacon is a type of malware that has been linked to various ransomware activities. This malicious software has been loaded by HUI Loader in several instances, with different files such as mpc.tmp, dlp.ini, and vmtools.ini being used. A unique feature of this Cobalt Strike Beacon shellc
Unspecified
2
The Ghost Malware is associated with Conti. "Ghost" refers to a sophisticated malware network that was discovered and dismantled in 2020 following a two-year investigation led by Europol and global law enforcement agencies. The network, also known as the Stargazers Ghost Network, was found to be operating through GitHub accounts, distributing
Unspecified
2
The Snatch Malware is associated with Conti. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc
Unspecified
2
The Milan Malware is associated with Conti. Milan is a malicious software, or malware, that was notably deployed by the cyber group OilRig in 2021. The group updated its DanBot backdoor and began deploying multiple backdoors including Shark, Milan, and Marlin. These backdoors were mentioned in the T3 2021 issue of the ESET Threat Report. Simi
Unspecified
2
The Pysa Malware is associated with Conti. Pysa is a type of ransomware, a malicious software designed to exploit and damage computer systems by encrypting data and demanding ransom for its decryption. The Pysa ransomware group, known for its organizational hierarchy that includes senior executives, system admins, developers, recruiters, HR,
Unspecified
2
The Anubis Malware is associated with Conti. Anubis, also known as IcedID or Bokbot, is a sophisticated piece of malware primarily functioning as a banking trojan. It was first discovered by X-Force in September 2017 and has since evolved to target a wide range of financial applications. Notably, Anubis has consistently ranked among the top fi
Unspecified
2
The RTM Locker Malware is associated with Conti. RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou
Unspecified
2
The Revil/sodinokibi Malware is associated with Conti. REvil/Sodinokibi is a type of malware, specifically ransomware, first identified on September 24, 2019. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information,
Unspecified
2
The Dyre Malware is associated with Conti. Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These i
Unspecified
2
The Dyreza Malware is associated with Conti. Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k
Unspecified
2
The malware Emotet, Trickbot is associated with Conti.
Unspecified
2
Associated Threat Actors
Alias Description | Association Type | Votes
The Alphv Threat Actor is associated with Conti. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la
Is from
8
The Conti Team Threat Actor is associated with Conti. The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack
Unspecified
6
The FIN7 Threat Actor is associated with Conti. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global
Unspecified
5
The Blackmatter Threat Actor is associated with Conti. BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention
Unspecified
4
The DarkSide Threat Actor is associated with Conti. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across
Unspecified
4
The Wizard Spider Threat Actor is associated with Conti. Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a significant threat actor in the cybercrime landscape. This group has been continually analyzed by IBM Security X-Force researchers for its use of several crypters and is credited with creating the notorious, ev
Unspecified
4
The KillNet Threat Actor is associated with Conti. Killnet is a pro-Russian threat actor group that has gained notoriety for its disruptive cyber-attacks on various government entities. The group's activities peaked in July 2022 when it targeted multiple government resources in Poland, including the Ministry of Foreign Affairs, Senate, Border Contro
Unspecified
3
The Sodinokibi Threat Actor is associated with Conti. Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st
Unspecified
3
The Conti Ransomware Gang Threat Actor is associated with Conti. The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that
Unspecified
3
The Vice Society Threat Actor is associated with Conti. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe
Unspecified
2
The Hunters International Threat Actor is associated with Conti. Hunters International is a threat actor group believed to be based in Russia, which has gained prominence in the cybersecurity landscape due to its malicious activities. The group is known for executing sophisticated ransomware attacks, leveraging a tool identified as SharpRhino to gain persistence
Unspecified
2
The FIN12 Threat Actor is associated with Conti. FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware
Unspecified
2
The LockBitSupp Threat Actor is associated with Conti. LockBitSupp, a threat actor and the alleged developer of one of the most prolific ransomware variants known as LockBit, has been identified as Russian national Dmitry Yuryevich Khoroshev. Khoroshev, who operated under aliases "LockBit" and "LockBitSupp," began developing the ransomware as early as S
Unspecified
2
The Alphv Ransomware Group Threat Actor is associated with Conti. The ALPHV ransomware group, also known as BlackCat, is a significant cybersecurity threat that has been involved in several high-profile attacks. This threat actor, believed to be linked to Russian organized crime, has claimed responsibility for various cyberattacks, including the MGM Resorts breach
Unspecified
2
The ITG14 Threat Actor is associated with Conti. ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifi
Unspecified
2
Associated Vulnerabilities
Alias Description | Association Type | Votes
The Proxyshell Vulnerability is associated with Conti. ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. It is a software design and implementation flaw that allows attackers to gain unauthorized access to the affected systems. The exploit chain for ProxyShell includes CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207.
has used
2
The Log4Shell Vulnerability is associated with Conti. Log4Shell is a critical software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) in the Apache Log4j library. This flaw in software design or implementation allows for remote code execution, providing attackers with potential access to victims' systems. Notably, LockBit affiliates
has used
2
The Printnightmare Vulnerability is associated with Conti. PrintNightmare (CVE-2021-34527) is a significant vulnerability in the Windows Print Spooler service that allows an attacker to escalate privileges either locally or remotely by loading a malicious DLL which will be executed as SYSTEM. This flaw, potentially a new zero-day Microsoft vulnerability, en
has used
2
The vulnerability CVE-2022-41073 is associated with Conti.
Unspecified
2
The CVE-2022-47966 Vulnerability is associated with Conti. CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of
has used
2
The vulnerability CVE-2020-0609 is associated with Conti.
has used
2
The CVE-2022-42475 Vulnerability is associated with Conti. The critical zero-day vulnerability, CVE-2022-42475, was discovered in FortiGate firewalls during an incident investigation by the vendor. This flaw in software design or implementation allows an unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability is present in
has used
2
The CVE-2021-34527 Vulnerability is associated with Conti. CVE-2021-34527, also known as PrintNightmare, is a software vulnerability that involves a flaw in software design or implementation. The exploitation process begins when a user clicks on a link which downloads a ZIP archive containing a malicious JScript (JS) downloader titled 'Stolen Images Evidenc
has used
2
Source Document References
Information about the Conti Malware was read from the documents corpus below. This display is limited to 20 results.
Preview | Source Link | Created At | Title
Securityaffairs
2 months ago
Securityaffairs
18 days ago
Securelist
a month ago
InfoSecurity-magazine
2 months ago
BankInfoSecurity
2 months ago
BankInfoSecurity
2 months ago
Securityaffairs
2 months ago
Securityaffairs
2 months ago
CERT-EU
9 months ago
Securelist
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
DARKReading
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
DARKReading
3 months ago
Securityaffairs
3 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
BankInfoSecurity
4 months ago