Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)

Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies, particularly those in North America. As with other ransomware families, actors using Conti steal sensitive files and information from compromised networks, and threaten to publish this data unless the ransom is paid.(Citation: Cybereason Conti Jan 2021)(Citation: CarbonBlack Conti July 2020)(Citation: Cybleinc Conti January 2020)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	1
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2