Conti

Malware updated 4 days ago (2024-11-29T14:17:50.547Z)
Download STIX
Preview STIX
Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Conti has been linked with several other ransomware groups including Quantum, MountLocker, and most notably, the LockBit Green, which incorporated source code from Conti. The crypters used with Conti have been attributed to ITG23, a group known for using these to crypt malware on behalf of other groups like IcedID and Emotet. In mid-June, Ukrainian police arrested a hacker who developed a crypter used by both Conti and LockBit ransomware operations. This marked a significant turning point in the battle against this form of cybercrime. However, despite this victory, the legacy of Conti lived on through other groups. After the spectacular law enforcement takedown of Conti's operations in 2022, the Russian-language ransomware landscape was somewhat in flux, with many members likely joining other groups such as Royal ransomware and BlackBasta. The latter picked up where Conti left off, continuing to pose threats to vulnerable systems, particularly those with limited resources and outdated technology. The Conti Ransomware Operation was eventually shut down after its brand became toxic. However, its influence can still be felt, as seen in the activities of the Monti group and BlackByte group, both of which started their operations shortly after Conti's shutdown. These groups operate a ransomware-as-a-service (RaaS) model, and experts have linked them to the notorious Conti ransomware gang. Furthermore, a torrent file that downloads the Conti playbook, which was publicly leaked in 2021, continues to circulate, posing potential risks for future cyberattacks.
Description last updated: 2024-11-28T11:51:18.975Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Ryuk is a possible alias for Conti. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves
10
Black Basta is a possible alias for Conti. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses
9
Blacksuit is a possible alias for Conti. BlackSuit is a new strain of malware, specifically ransomware, that has been causing significant damage to computer systems. It is believed to be a rebranding of the Royal ransomware gang, as indicated by similarities in code between the two. This suspicion was confirmed by warnings from both the Cy
8
Akira is a possible alias for Conti. Akira is a potent ransomware that has been active since 2023, known for its aggressive encryption tactics and swift deployment. This malware, which brings a unique '80s aesthetic to the dark web, has quickly risen in prominence within the cybercrime landscape. It has targeted hundreds of victims glo
6
Lockbit Green is a possible alias for Conti. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro
6
Monti is a possible alias for Conti. Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing persona
5
Blackbasta is a possible alias for Conti. BlackBasta is a notorious malware group that has emerged as a significant player in the ransomware space. The group has demonstrated an ability to adapt and evolve their tactics, making them a leading entity in the Russian-language ransomware domain. Initially, BlackBasta was observed using a botnet
5
Blackbyte is a possible alias for Conti. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. This
4
Zeon is a possible alias for Conti. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B
4
AvosLocker is a possible alias for Conti. AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal info
3
Bl00dy is a possible alias for Conti. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
3
Gazprom is a possible alias for Conti. Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further c
2
ITG23 is a possible alias for Conti. ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be
2
EXOTIC LILY is a possible alias for Conti. Exotic Lily, an initial access broker (IAB), has been active since at least September 2021. The entity conducts highly sophisticated phishing campaigns to gain initial access to organizations and then sells this access to other threat actors, including ransomware groups. A notable example of their m
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Ransom
Cybercrime
RaaS
Encryption
Russia
Botnet
Loader
Windows
Antivirus
Vulnerability
Exploit
Trojan
Cobalt Strike
russian
Extortion
Locker
Linux
Phishing
Backdoor
Crypter
Data Leak
Esxi
Source
Bitcoin
Exploits
Encrypt
Fraud
Police
Lateral Move...
CISA
Downloader
Crypting
Health
exploited
Uk
Tool
Kaspersky
Apt
Macos
Beacon
Ukraine
Payload
Proxy
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Conti. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers oris related to
16
The TrickBot Malware is associated with Conti. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev,Unspecified
12
The REvil Malware is associated with Conti. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. ThUnspecified
9
The Royal Ransomware Malware is associated with Conti. Royal Ransomware is a form of malware that was active from September 2022 through June 2023. This malicious software, designed to exploit and damage computers or devices, would infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it could steais related to
7
The Hive Malware is associated with Conti. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostagUnspecified
7
The Emotet Malware is associated with Conti. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, Unspecified
6
The QakBot Malware is associated with Conti. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt opeUnspecified
5
The Babuk Malware is associated with Conti. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatioUnspecified
5
The Domino Malware is associated with Conti. Domino is a malicious software that infiltrated various systems, most notably IBM Domino Server and ESET Mail Security for IBM Domino, causing significant disruptions and data breaches. The malware was particularly potent due to its ability to exploit vulnerabilities in one system and trigger a domiUnspecified
5
The Clop Malware is associated with Conti. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
5
The Qbot Malware is associated with Conti. Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23 Unspecified
4
The Bazarloader Malware is associated with Conti. BazarLoader is a type of malware developed by the TrickBot group, primarily used to gain initial access to a victim's infrastructure in ransomware attacks. This malware has been associated with various threat groups, including ITG23, which has used BazarLoader alongside other malware like Trickbot aUnspecified
4
The Karakurt Malware is associated with Conti. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a Unspecified
4
The Maze Malware is associated with Conti. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the releaseUnspecified
3
The Egregor Malware is associated with Conti. Egregor is a malicious software variant of the Sekhmet ransomware that operates on a Ransomware-as-a-Service (RaaS) model. It is speculated to be associated with former Maze affiliates, and is notorious for its double extortion tactics, which involve not only encrypting the victim's data but also puUnspecified
3
The Bumblebee Malware is associated with Conti. Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee havhas used
3
The Anchor Malware is associated with Conti. Anchor is a type of malware, a harmful software designed to exploit and damage computers or devices. It can infiltrate systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operatioUnspecified
3
The RTM Malware is associated with Conti. RTM is a malicious software, first reported as the RTM banking Trojan, that was initially detected by vendors such as Symantec and Microsoft in 2017. This malware operates on Windows 7 RTM (7600) and was later updated to a variant known as Redaman. The leaked source code of RTM has been utilized to Unspecified
3
The malware Conti, Lockbit is associated with Conti. Unspecified
3
The Diavol Malware is associated with Conti. Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt opeUnspecified
3
The IcedID Malware is associated with Conti. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of dUnspecified
3
The Lockbit Black Malware is associated with Conti. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands Unspecified
3
The Bazarbackdoor Malware is associated with Conti. BazarBackdoor is a type of malware developed by ITG23, first identified in April 2020. It is commonly distributed via contact forms on corporate websites, bypassing regular phishing emails, which makes it harder to detect. The malware is often associated with BazarLoader, both of which were used extUnspecified
3
The Nokoyawa Malware is associated with Conti. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStriis related to
3
The Ragnar Locker Malware is associated with Conti. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransUnspecified
3
The HELLOKITTY Malware is associated with Conti. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold datUnspecified
2
The Conti Encryptor Malware is associated with Conti. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause sUnspecified
2
The Brute Ratel Malware is associated with Conti. Brute Ratel C4 (BRc4) is a potent malware that has been used in various cyber-attacks over the past 15 years. The malware infects systems through deceptive MSI installers, which deploy the BRc4 by disguising the payload as legitimate software such as vierm_soft_x64.dll under rundll32 execution. VariUnspecified
2
The Lockbit Red Malware is associated with Conti. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal perUnspecified
2
The Cobalt Strike Beacon Malware is associated with Conti. Cobalt Strike Beacon is a type of malware, a harmful software designed to exploit and damage computer systems. It is often loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an encrypted file vm.cfg. The Insikt Group has identified six distinct Cobalt Strike BeaconUnspecified
2
The Ghost Malware is associated with Conti. The "Ghost" malware, first discovered in 2020, is a sophisticated and successful malicious software that has been discreetly distributed via a network of GitHub accounts known as the Stargazers Ghost Network. This network utilizes open-source and legitimate software repositories to exploit trust andUnspecified
2
The Snatch Malware is associated with Conti. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, incUnspecified
2
The Milan Malware is associated with Conti. Milan is a malicious software, or malware, that has been linked to the OilRig cyber-espionage group. The malware was updated and deployed alongside other backdoors such as Shark, DanBot, and Marlin in 2021. Milan shares similar communication schemes with other OilRig backdoors, notably using URIs wiUnspecified
2
The Pysa Malware is associated with Conti. Pysa is a type of ransomware, a malicious software designed to exploit and damage computer systems by encrypting data and demanding ransom for its decryption. The Pysa ransomware group, known for its organizational hierarchy that includes senior executives, system admins, developers, recruiters, HR,Unspecified
2
The Anubis Malware is associated with Conti. Anubis, also known as IcedID or Bokbot, is a sophisticated piece of malware primarily functioning as a banking trojan. It was first discovered by X-Force in September 2017 and has since evolved to target a wide range of financial applications. Notably, Anubis has consistently ranked among the top fiUnspecified
2
The RTM Locker Malware is associated with Conti. RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grouUnspecified
2
The Dyre Malware is associated with Conti. Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These iUnspecified
2
The Dyreza Malware is associated with Conti. Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user kUnspecified
2
The malware Emotet, Trickbot is associated with Conti. Unspecified
2
The Bazaloader Malware is associated with Conti. BazaLoader is a type of malware, malicious software designed to exploit and damage computers or devices. It was typically distributed through email campaigns by threat actors such as TA578, who also used it to deliver other types of malware including Ursnif and IcedID. BazaLoader was last observed iUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Alphv Threat Actor is associated with Conti. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient pIs from
8
The Conti Team Threat Actor is associated with Conti. The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attackUnspecified
6
The FIN7 Threat Actor is associated with Conti. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
5
The Blackmatter Threat Actor is associated with Conti. BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. HoweveUnspecified
4
The Wizard Spider Threat Actor is associated with Conti. Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a prominent cybercrime group. As per IBM Security X-Force's research, this threat actor is responsible for developing several crypters and has been expanding the number and variety of channels it uses to distribuUnspecified
4
The DarkSide Threat Actor is associated with Conti. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply acrossUnspecified
4
The KillNet Threat Actor is associated with Conti. Killnet is a threat actor or group with potential ties to the Russian government, known for its disruptive cyber-attacks. This group has been linked to several politically motivated attacks, including a significant assault on the Israeli government's website leading to its paralysis. Killnet has alsUnspecified
3
The Sodinokibi Threat Actor is associated with Conti. Sodinokibi, also known as REvil, is a highly active and impactful threat actor first identified in April 2019. Operating as a ransomware-as-a-service (RaaS), this group has been responsible for a significant proportion of global ransomware incidents. In 2020, Sodinokibi ransomware attacks accounted Unspecified
3
The Conti Ransomware Gang Threat Actor is associated with Conti. The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested thatUnspecified
3
The ITG14 Threat Actor is associated with Conti. ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifiUnspecified
2
The Vice Society Threat Actor is associated with Conti. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of ZeppeUnspecified
2
The Hunters International Threat Actor is associated with Conti. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of Unspecified
2
The FIN12 Threat Actor is associated with Conti. FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomwareUnspecified
2
The LockBitSupp Threat Actor is associated with Conti. LockBitSupp, a prominent threat actor, has been identified as Russian national Dmitry Yuryevich Khoroshev. The group's activities have been under scrutiny due to its involvement in ransomware attacks and other cybercrimes. Khoroshev, who was operating under the aliases "LockBit" and "LockBitSupp," iUnspecified
2
The Alphv Ransomware Group Threat Actor is associated with Conti. The ALPHV ransomware group, also known as BlackCat, is a significant cybersecurity threat that has been involved in several high-profile attacks. This threat actor, believed to be linked to Russian organized crime, has claimed responsibility for various cyberattacks, including the MGM Resorts breachUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The Proxyshell Vulnerability is associated with Conti. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT achas used
2
The Log4Shell Vulnerability is associated with Conti. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorizedhas used
2
The Printnightmare Vulnerability is associated with Conti. PrintNightmare is a severe vulnerability (CVE-2021-34527) affecting the Windows Print Spooler service, allowing an attacker to escalate privileges either locally or remotely by loading a malicious DLL which will be executed as SYSTEM. This flaw in software design or implementation enables any authenhas used
2
The vulnerability CVE-2022-41073 is associated with Conti. Unspecified
2
The CVE-2022-47966 Vulnerability is associated with Conti. CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-ofhas used
2
The vulnerability CVE-2020-0609 is associated with Conti. has used
2
The CVE-2022-42475 Vulnerability is associated with Conti. The critical zero-day vulnerability, CVE-2022-42475, was discovered in FortiGate firewalls during an incident investigation by the vendor. This flaw in software design or implementation allows an unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability is present in has used
2
The CVE-2021-34527 Vulnerability is associated with Conti. CVE-2021-34527, also known as PrintNightmare, is a software vulnerability that involves a flaw in software design or implementation. The exploitation process begins when a user clicks on a link which downloads a ZIP archive containing a malicious JScript (JS) downloader titled 'Stolen Images Evidenchas used
2
Source Document References
Information about the Conti Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
3 days ago
DARKReading
8 days ago
DARKReading
5 days ago
Unit42
13 days ago
BankInfoSecurity
a month ago
Unit42
a month ago
DARKReading
a month ago
InfoSecurity-magazine
a month ago
Securityaffairs
3 months ago
Securityaffairs
2 months ago
Securelist
3 months ago
InfoSecurity-magazine
3 months ago
BankInfoSecurity
3 months ago
BankInfoSecurity
3 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
CERT-EU
a year ago
Securelist
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago