Skip to content

Hide Navigation Hide TOC

Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)

Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies, particularly those in North America. As with other ransomware families, actors using Conti steal sensitive files and information from compromised networks, and threaten to publish this data unless the ransom is paid.(Citation: Cybereason Conti Jan 2021)(Citation: CarbonBlack Conti July 2020)(Citation: Cybleinc Conti January 2020)

Cluster A Galaxy A Cluster B Galaxy B Level
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2