Monti

Malware Profile Updated 12 days ago
The Monti group, a malicious cyber entity, has been active since June 2022, shortly after the Conti ransomware gang shut down its operations. The group is known for its malware, Monti, a particularly harmful program designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Researchers have noted multiple similarities between the tactics, techniques, and procedures (TTPs) of the Monti and Conti gangs, suggesting that Monti operators may have based their encryptor on Conti's leaked source code.

In August 2023, after a two-month hiatus, the Monti ransomware operators returned with a new Linux variant of the encryptor. This variant was used specifically in attacks against organizations in the government and legal sectors. The Linux variant can be identified by the ESXi commands embedded in it, a characteristic also seen in Royal ransomware samples.

Most notably, the Monti ransomware gang claimed responsibility for a significant cyber attack on Wayne Memorial Hospital in Pennsylvania. The incident occurred recently, marking another successful intrusion into critical healthcare infrastructure by the group. The breach was publicized by the attackers themselves when they added the hospital to their Tor leak site, further demonstrating their disruptive and damaging capabilities. The attack on Wayne Memorial Hospital underscores the ongoing threat posed by the Monti group and the importance of robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Conti | 5 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
ransom.linux.monti.thgocbc | 1 | Ransom.linux.monti.thgocbc is a new variant of the Monti malware, which has recently re-emerged after a two-month hiatus. This malicious software, known for its damaging effects on computer systems, has now been redesigned to target Linux operating systems, with particular focus on legal entities, f
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Linux
Encryption
Windows
Malware
Ransom
Fortiguard
Vulnerability
Encrypt
Data Leak
Esxi
At
NCSC
Hospital
Extortion
Infiltration
Phishing
Proxy
Source
Botnet
Android
WinRAR
netscaler
Zimbra
Ios
Moveit
Openssh
University
Vmware
Esxiargs
Locker
Denial of Se...
Cybercrime
Remote Code ...
Exploit
RCE (Remote ...
Zero Day
Ddos
Apt
Known Exploi...
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 2 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
REvil | Unspecified | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot
Monti ransom.linux.monti.thgocbc | Unspecified | 1 | Monti ransom.linux.monti.thgocbc is a malicious software (malware) variant of the Monti ransomware, designed to exploit and damage Linux-based systems. The malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrup
Gootloader | Unspecified | 1 | GootLoader is a potent malware that forms part of the GootKit malware family, which has been active since 2014. The malware operates by exploiting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Its primary targets are professionals working in law firms
HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
NoEscape | Unspecified | 1 | NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las
Babuk | Unspecified | 1 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso
Black Basta | Unspecified | 1 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs
RTM Locker | Unspecified | 1 | RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou
Akira | Unspecified | 1 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Qwixxrat | Unspecified | 1 | QwixxRAT is a new form of malware that emerged in August 2023, as reported by SC Magazine and The Hacker News. This information-stealing software has been actively promoted on platforms like Discord and Telegram by threat actors. It's part of an ongoing malicious campaign alongside the deployment of
Ragnar Locker | Unspecified | 1 | Ragnar Locker is a type of malware, specifically a ransomware, that has been designed to infiltrate computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites and once inside, it has the capability to steal personal information, disru
Associated Threat Actors
ID | Type | Votes | Profile Description
Conti Team | is related to | 2 | The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack
APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi
Bronze Starlight | Unspecified | 1 | Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig
Conti Ransomware Gang | Unspecified | 1 | The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that
Midnight Blizzard | Unspecified | 1 | Midnight Blizzard, a Russia-linked Advanced Persistent Threat (APT) group, has emerged as a significant cybersecurity concern. The group is known for executing actions with malicious intent and has been linked to several high-profile cyber attacks on global organizations. Notably, it breached the sy
Qilin | Unspecified | 1 | Qilin, a notable threat actor in the cybersecurity landscape, has been significantly active over the last two years, compromising more than 150 organizations across 25 countries and various industries. Originally evolving from the Agenda ransomware written in Go, Qilin has since transitioned to Rust
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Conti's Exsi | Unspecified | 1 | None
CVE-2024-0769 | Unspecified | 1 | None
Source Document References
Information about the Monti malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 20 days ago | Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 23 days ago | LockBit group claims the hack of the Fairfield Memorial Hospital in the US
Securityaffairs | a month ago | Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania
CERT-EU | 4 months ago | D#NUT ransomware gang claims Ready or Not dev Void Interactive as a victim | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 6 months ago | VMware confirms critical vCenter flaw now exploited in attacks
CERT-EU | 7 months ago | Diablo Valley Oncology Cyberattack Claimed By Monti Group | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 7 months ago | How ransomware could cripple countries, not just companies | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 7 months ago | How ransomware could cripple countries, not just companies
CERT-EU | 7 months ago | Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team
CERT-EU | 8 months ago | University Of Wollongong Data Breach Confirmed
Checkpoint | 8 months ago | The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research
CERT-EU | 9 months ago | State-sponsored attacks cede to financial scams in 2023, NCSC reports
CERT-EU | a year ago | Les dernières cyberattaques (22 août 2023) • Cybersécurité
Checkpoint | 10 months ago | 25th September – Threat Intelligence Report - Check Point Research
CERT-EU | 10 months ago | New Zealand university operating despite cyberattack
CERT-EU | 10 months ago | Hackers threaten to dump data stolen from Auckland University of Technology | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting