Conti Ransomware | Qualys Security Blog
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution Command And Scripting Interpreter Exploit Public-Facing Application Obfuscated Files Or Information Process Injection Scheduled Task/Job System Network Connections Discovery
country: Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Utility - T1560.001 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Credentials - T1589.001 Credentials From Password Stores - T1555 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dns - T1071.004 Dns - T1590.002 Domain Accounts - T1078.002 Domain Groups - T1069.002 Dynamic-Link Library Injection - T1055.001 Email Addresses - T1589.002 Exfiltration Over Web Service - T1567 Exfiltration To Cloud Storage - T1567.002 Exploitation Of Remote Services - T1428 Exploit Public-Facing Application - T1377 File And Directory Discovery - T1420 Impair Defenses - T1562 Impair Defenses - T1629 Inhibit System Recovery - T1490 Kerberoasting - T1558.003 Lateral Tool Transfer - T1570 Local Account - T1087.001 Local Account - T1136.001 Local Groups - T1069.001 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 Network Service Scanning - T1423 Process Discovery - T1424 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Remote Desktop Protocol - T1021.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Service Stop - T1489 Sharepoint - T1213.002 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Spearphishing Link - T1566.002 Spearphishing Link - T1598.003 Steal Or Forge Kerberos Tickets - T1558 Windows Command Shell - T1059.003 Winlogon Helper Dll - T1547.004 Tool - T1588.002 Vulnerabilities - T1588.006 Account Discovery - T1087 Brute Force - T1110 Command-Line Interface - T1059 Credential Dumping - T1003 Deobfuscate/Decode Files Or Information - T1140 Execution Through Api - T1106 Exploit Public-Facing Application - T1190 Exploitation Of Remote Services - T1210 External Remote Services - T1133 File And Directory Discovery - T1083 Remote File Copy - T1105 Kerberoasting - T1208 Network Service Scanning - T1046 Network Share Discovery - T1135 Obfuscated Files Or Information - T1027 Permission Groups Discovery - T1069 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Remote Desktop Protocol - T1076 Remote Services - T1021 Remote System Discovery - T1018 Scheduled Task - T1053 Security Software Discovery - T1063 Spearphishing Attachment - T1193 Spearphishing Link - T1192 Startup Items - T1165 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 System Owner/User Discovery - T1033 Winlogon Helper Dll - T1004 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Taint Shared Content - T1080 User Execution - T1204 Exploit Public-Facing Application Exploitation Of Remote Services External Remote Services Network Service Scanning Remote File Copy Remote System Discovery Service Stop Spearphishing Attachment Valid Accounts User Execution
Common Information
Type Value
UUID 56b0087f-b3d2-4e47-9284-3637ab5bb6f9
Fingerprint b4542551ed3daac1
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 18, 2021, 9:17 a.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Conti Ransomware
Title Conti Ransomware | Qualys Security Blog
Detected Hints/Tags/Attributes 175/4/50
Attributes
Details Type #Events CTI Value
Details CVE 91 cve-2021-34527
Details CVE 126 cve-2017-0144
Details CVE 217 cve-2020-1472
Details File 1 conti_readme.txt
Details sha256 1 eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe
Details MITRE ATT&CK Techniques 306 T1078
Details MITRE ATT&CK Techniques 333 T1059.003
Details MITRE ATT&CK Techniques 59 T1055.001
Details MITRE ATT&CK Techniques 627 T1027
Details MITRE ATT&CK Techniques 125 T1110
Details MITRE ATT&CK Techniques 245 T1016
Details MITRE ATT&CK Techniques 139 T1021.002
Details MITRE ATT&CK Techniques 116 T1560.001
Details MITRE ATT&CK Techniques 492 T1105
Details MITRE ATT&CK Techniques 100 T1567.002
Details MITRE ATT&CK Techniques 472 T1486
Details MITRE ATT&CK Techniques 310 T1566.001
Details MITRE ATT&CK Techniques 239 T1106
Details MITRE ATT&CK Techniques 191 T1133
Details MITRE ATT&CK Techniques 71 T1078.002
Details MITRE ATT&CK Techniques 36 T1558.003
Details MITRE ATT&CK Techniques 119 T1049
Details MITRE ATT&CK Techniques 33 T1080
Details MITRE ATT&CK Techniques 197 T1489
Details MITRE ATT&CK Techniques 183 T1566.002
Details MITRE ATT&CK Techniques 310 T1047
Details MITRE ATT&CK Techniques 275 T1053.005
Details MITRE ATT&CK Techniques 504 T1140
Details MITRE ATT&CK Techniques 289 T1003
Details MITRE ATT&CK Techniques 433 T1057
Details MITRE ATT&CK Techniques 109 T1210
Details MITRE ATT&CK Techniques 276 T1490
Details MITRE ATT&CK Techniques 542 T1190
Details MITRE ATT&CK Techniques 420 T1204
Details MITRE ATT&CK Techniques 5 T1165
Details MITRE ATT&CK Techniques 298 T1562.001
Details MITRE ATT&CK Techniques 172 T1555
Details MITRE ATT&CK Techniques 585 T1083
Details MITRE ATT&CK Techniques 118 T1570
Details MITRE ATT&CK Techniques 20 T1547.004
Details MITRE ATT&CK Techniques 176 T1135
Details MITRE ATT&CK Techniques 460 T1059.001
Details MITRE ATT&CK Techniques 243 T1018
Details MITRE ATT&CK Techniques 168 T1046
Details MITRE ATT&CK Techniques 74 T1069.002
Details MITRE ATT&CK Techniques 1006 T1082
Details MITRE ATT&CK Techniques 230 T1033
Details MITRE ATT&CK Techniques 24 T1063
Details MITRE ATT&CK Techniques 72 T1087.001
Details MITRE ATT&CK Techniques 32 T1069.001