Alias Description | Votes |
---|---|
Ryuk is a possible alias for Conti. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | 10 |
Black Basta is a possible alias for Conti. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | 9 |
Blacksuit is a possible alias for Conti. BlackSuit is a malicious software (malware) that has been causing significant harm in the digital world. It infiltrates systems through dubious downloads, emails, or websites, and once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom. BlackSuit malware, which i | 7 |
Akira is a possible alias for Conti. Akira is a form of malware, specifically ransomware, that has been involved in a significant number of cyber attacks since its first appearance. It has been particularly active since August 2024, when it was observed by Arctic Wolf Labs to be used in conjunction with another ransomware called Fog. T | 6 |
Lockbit Green is a possible alias for Conti. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro | 6 |
Monti is a possible alias for Conti. Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing persona | 5 |
Blackbasta is a possible alias for Conti. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation | 5 |
Blackbyte is a possible alias for Conti. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. This | 4 |
Zeon is a possible alias for Conti. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B | 4 |
AvosLocker is a possible alias for Conti. AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal info | 3 |
Bl00dy is a possible alias for Conti. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i | 3 |
Gazprom is a possible alias for Conti. Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further c | 2 |
ITG23 is a possible alias for Conti. ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be | 2 |
EXOTIC LILY is a possible alias for Conti. Exotic Lily, an initial access broker (IAB), has been active since at least September 2021. The entity conducts highly sophisticated phishing campaigns to gain initial access to organizations and then sells this access to other threat actors, including ransomware groups. A notable example of their m | 2 |
Association Description | Association Type | Votes |
---|---|---|
The Lockbit Malware is associated with Conti. LockBit is a type of malware, specifically a ransomware, that infiltrates systems to exploit and damage them. It's known for its disruptive activities such as stealing personal information or holding data hostage for ransom. The LockBit ransomware gang has claimed responsibility for several high-pro | is related to | 16 |
The TrickBot Malware is associated with Conti. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 12 |
The REvil Malware is associated with Conti. REvil, a notorious ransomware, emerged as a significant threat to cybersecurity in the context of an increasing trend towards Ransomware as a Service (RaaS) model in 2020. It is connected with other first-stage malware such as Gootkit and Dridex, which pave the way for the REvil ransomware attack. T | Unspecified | 9 |
The Royal Ransomware Malware is associated with Conti. The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious | is related to | 7 |
The Hive Malware is associated with Conti. Hive is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It often enters undetected through dubious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. In one notable incident, an enti | Unspecified | 7 |
The Emotet Malware is associated with Conti. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, | Unspecified | 6 |
The QakBot Malware is associated with Conti. Qakbot is a potent piece of malware, or malicious software, that infiltrates computer systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This malware, built by various groups includin | Unspecified | 5 |
The Babuk Malware is associated with Conti. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | Unspecified | 5 |
The Domino Malware is associated with Conti. Domino is a malicious software that infiltrated various systems, most notably IBM Domino Server and ESET Mail Security for IBM Domino, causing significant disruptions and data breaches. The malware was particularly potent due to its ability to exploit vulnerabilities in one system and trigger a domi | Unspecified | 5 |
The Bazarloader Malware is associated with Conti. BazarLoader is a type of malware developed by the TrickBot group, primarily used to gain initial access to a victim's infrastructure in ransomware attacks. This malware has been associated with various threat groups, including ITG23, which has used BazarLoader alongside other malware like Trickbot a | Unspecified | 4 |
The Karakurt Malware is associated with Conti. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a | Unspecified | 4 |
The Maze Malware is associated with Conti. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release | Unspecified | 3 |
The Egregor Malware is associated with Conti. Egregor is a malicious software variant of the Sekhmet ransomware that operates on a Ransomware-as-a-Service (RaaS) model. It is speculated to be associated with former Maze affiliates, and is notorious for its double extortion tactics, which involve not only encrypting the victim's data but also pu | Unspecified | 3 |
The Bumblebee Malware is associated with Conti. Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee hav | has used | 3 |
The Anchor Malware is associated with Conti. Anchor is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites, and can lead to theft of personal information, disruption of operations, or even ransom attacks on data. Anchor has been | Unspecified | 3 |
The RTM Malware is associated with Conti. RTM is a malicious software, first reported as the RTM banking Trojan, that was initially detected by vendors such as Symantec and Microsoft in 2017. This malware operates on Windows 7 RTM (7600) and was later updated to a variant known as Redaman. The leaked source code of RTM has been utilized to | Unspecified | 3 |
The malware Conti, Lockbit is associated with Conti. | Unspecified | 3 |
The Diavol Malware is associated with Conti. Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt ope | Unspecified | 3 |
The IcedID Malware is associated with Conti. IcedID is a prominent malware that has been utilized in various cyber-attacks. It functions as a malicious software designed to infiltrate and damage computer systems, often through suspicious downloads, emails, or websites. Once inside a system, IcedID can steal personal information, disrupt operat | Unspecified | 3 |
The Lockbit Black Malware is associated with Conti. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands | Unspecified | 3 |
The Bazarbackdoor Malware is associated with Conti. BazarBackdoor is a type of malware developed by ITG23, first identified in April 2020. It is commonly distributed via contact forms on corporate websites, bypassing regular phishing emails, which makes it harder to detect. The malware is often associated with BazarLoader, both of which were used ext | Unspecified | 3 |
The Nokoyawa Malware is associated with Conti. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStri | is related to | 3 |
The Qbot Malware is associated with Conti. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi | Unspecified | 3 |
The Ragnar Locker Malware is associated with Conti. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans | Unspecified | 3 |
The HELLOKITTY Malware is associated with Conti. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat | Unspecified | 2 |
The Brute Ratel Malware is associated with Conti. Brute Ratel is a malicious software (malware) that has been increasingly used by cyber threat actors to exploit and damage computer systems. It is often delivered through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, Brute Ratel can s | Unspecified | 2 |
The Conti Encryptor Malware is associated with Conti. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s | Unspecified | 2 |
The Lockbit Red Malware is associated with Conti. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per | Unspecified | 2 |
The Cobalt Strike Beacon Malware is associated with Conti. Cobalt Strike Beacon is a type of malware that has been linked to numerous ransomware activities. This malicious software is often loaded by HUI Loader, which has been identified in several instances (mpc.tmp, dlp.ini, vmtools.ini, and an encrypted version via vm.cfg). In one notable case, threat ac | Unspecified | 2 |
The Ghost Malware is associated with Conti. "Ghost" refers to a sophisticated malware network that was discovered and dismantled in 2020 following a two-year investigation led by Europol and global law enforcement agencies. The network, also known as the Stargazers Ghost Network, was found to be operating through GitHub accounts, distributing | Unspecified | 2 |
The Snatch Malware is associated with Conti. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc | Unspecified | 2 |
The Milan Malware is associated with Conti. Milan is a malicious software, or malware, that was notably deployed by the cyber group OilRig in 2021. The group updated its DanBot backdoor and began deploying multiple backdoors including Shark, Milan, and Marlin. These backdoors were mentioned in the T3 2021 issue of the ESET Threat Report. Simi | Unspecified | 2 |
The Pysa Malware is associated with Conti. Pysa is a type of ransomware, a malicious software designed to exploit and damage computer systems by encrypting data and demanding ransom for its decryption. The Pysa ransomware group, known for its organizational hierarchy that includes senior executives, system admins, developers, recruiters, HR, | Unspecified | 2 |
The RTM Locker Malware is associated with Conti. RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou | Unspecified | 2 |
The Anubis Malware is associated with Conti. Anubis, also known as IcedID or Bokbot, is a sophisticated piece of malware primarily functioning as a banking trojan. It was first discovered by X-Force in September 2017 and has since evolved to target a wide range of financial applications. Notably, Anubis has consistently ranked among the top fi | Unspecified | 2 |
The Dyre Malware is associated with Conti. Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These i | Unspecified | 2 |
The malware Emotet, Trickbot is associated with Conti. | Unspecified | 2 |
The Bazaloader Malware is associated with Conti. BazaLoader is a type of malware, malicious software designed to exploit and damage computers or devices. It was typically distributed through email campaigns by threat actors such as TA578, who also used it to deliver other types of malware including Ursnif and IcedID. BazaLoader was last observed i | Unspecified | 2 |
The Dyreza Malware is associated with Conti. Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k | Unspecified | 2 |
Association Description | Association Type | Votes |
---|---|---|
The Alphv Threat Actor is associated with Conti. Alphv, a threat actor also known as BlackCat, has been identified as a significant player in the cybercrime landscape. The group is responsible for numerous high-profile ransomware attacks, including a major breach of the Morrison Community Hospital, where they pilfered 5TB of data. Additionally, Al | Is from | 8 |
The Conti Team Threat Actor is associated with Conti. The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack | Unspecified | 6 |
The FIN7 Threat Actor is associated with Conti. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 5 |
The Blackmatter Threat Actor is associated with Conti. BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention | Unspecified | 4 |
The Wizard Spider Threat Actor is associated with Conti. Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a significant threat actor in the cybercrime landscape. This group has been continually analyzed by IBM Security X-Force researchers for its use of several crypters and is credited with creating the notorious, ev | Unspecified | 4 |
The DarkSide Threat Actor is associated with Conti. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 4 |
The KillNet Threat Actor is associated with Conti. Killnet, a threat actor group with strong affiliations to Russia, has been implicated in a series of high-profile cyberattacks. The group's activities have been linked to Russia's geopolitical objectives and have been particularly active following Russia's ban from the 2022 FIFA World Cup due to its | Unspecified | 3 |
The Sodinokibi Threat Actor is associated with Conti. Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st | Unspecified | 3 |
The Conti Ransomware Gang Threat Actor is associated with Conti. The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that | Unspecified | 3 |
The Vice Society Threat Actor is associated with Conti. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe | Unspecified | 2 |
The Hunters International Threat Actor is associated with Conti. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of | Unspecified | 2 |
The FIN12 Threat Actor is associated with Conti. FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware | Unspecified | 2 |
The LockBitSupp Threat Actor is associated with Conti. LockBitSupp, a threat actor and the alleged developer of one of the most prolific ransomware variants known as LockBit, has been identified as Russian national Dmitry Yuryevich Khoroshev. Khoroshev, who operated under aliases "LockBit" and "LockBitSupp," began developing the ransomware as early as S | Unspecified | 2 |
The Alphv Ransomware Group Threat Actor is associated with Conti. The ALPHV ransomware group, also known as BlackCat, is a significant cybersecurity threat that has been involved in several high-profile attacks. This threat actor, believed to be linked to Russian organized crime, has claimed responsibility for various cyberattacks, including the MGM Resorts breach | Unspecified | 2 |
The ITG14 Threat Actor is associated with Conti. ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifi | Unspecified | 2 |
Association Description | Association Type | Votes |
---|---|---|
The Proxyshell Vulnerability is associated with Conti. ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. It is a software design and implementation flaw that allows attackers to gain unauthorized access to the affected systems. The exploit chain for ProxyShell includes CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. | has used | 2 |
The Log4Shell Vulnerability is associated with Conti. Log4Shell is a critical vulnerability in the popular Java library Log4j, identified by CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. This flaw in software design or implementation can allow cybercriminals to execute arbitrary code on affected systems remotely. The vulnerability was widely expl | has used | 2 |
The Printnightmare Vulnerability is associated with Conti. PrintNightmare is a severe vulnerability (CVE-2021-34527) affecting the Windows Print Spooler service, allowing an attacker to escalate privileges either locally or remotely by loading a malicious DLL which will be executed as SYSTEM. This flaw in software design or implementation enables any authen | has used | 2 |
The vulnerability CVE-2022-41073 is associated with Conti. | Unspecified | 2 |
The CVE-2022-47966 Vulnerability is associated with Conti. CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of | has used | 2 |
The CVE-2022-42475 Vulnerability is associated with Conti. The critical zero-day vulnerability, CVE-2022-42475, was discovered in FortiGate firewalls during an incident investigation by the vendor. This flaw in software design or implementation allows an unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability is present in | has used | 2 |
The vulnerability CVE-2020-0609 is associated with Conti. | has used | 2 |
The CVE-2021-34527 Vulnerability is associated with Conti. CVE-2021-34527, also known as PrintNightmare, is a software vulnerability that involves a flaw in software design or implementation. The exploitation process begins when a user clicks on a link which downloads a ZIP archive containing a malicious JScript (JS) downloader titled 'Stolen Images Evidenc | has used | 2 |
Source Link | CreatedAt |
---|---|
DARKReading | 6 days ago |
InfoSecurity-magazine | 7 days ago |
Securityaffairs | 2 months ago |
Securityaffairs | a month ago |
Securelist | 2 months ago |
InfoSecurity-magazine | 2 months ago |
BankInfoSecurity | 2 months ago |
BankInfoSecurity | 2 months ago |
Securityaffairs | 3 months ago |
Securityaffairs | 3 months ago |
CERT-EU | 10 months ago |
Securelist | 3 months ago |
Securityaffairs | 3 months ago |
Securityaffairs | 3 months ago |
DARKReading | 3 months ago |
Securityaffairs | 4 months ago |
Securityaffairs | 4 months ago |
DARKReading | 4 months ago |
Securityaffairs | 4 months ago |
Securityaffairs | 4 months ago |