Skip to content

Hide Navigation Hide TOC

Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)

Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies, particularly those in North America. As with other ransomware families, actors using Conti steal sensitive files and information from compromised networks, and threaten to publish this data unless the ransom is paid.(Citation: Cybereason Conti Jan 2021)(Citation: CarbonBlack Conti July 2020)(Citation: Cybleinc Conti January 2020)

Cluster A Galaxy A Cluster B Galaxy B Level
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware 1
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2