elf.conti (Back to overview)

Conti

aka: Conti Locker

Ransomware

References
2023-09-07 | Department of Justice | Office of Public Affairs
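% Corporate author: the extra braces stop BibTeX from splitting the name into given and family parts.
@online{affairs:20230907:multiple:8952f60,
  author       = {{Office of Public Affairs}},
  title        = {{Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies}},
  date         = {2023-09-07},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/opa/pr/multiple-foreign-nationals-charged-connection-trickbot-malware-and-conti-ransomware},
  language     = {English},
  urldate      = {2023-09-08},
}
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies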
Conti Conti TrickBot
2022-09-28 | vmware | Giovanni Vigna
% VMware security blog post (part 1) on ransomware families that target ESXi virtual machines.
@online{vigna:20220928:esxitargeting:bd1ce9a,
  author       = {Vigna, Giovanni},
  title        = {{ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)}},
  date         = {2022-09-28},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html},
  language     = {English},
  urldate      = {2022-10-10},
}
ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)
Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil
2022-09-13 | AdvIntel | Advanced Intelligence
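% Corporate author: the extra braces stop BibTeX from splitting the name into given and family parts.
@online{intelligence:20220913:advintels:ea02331,
  author       = {{Advanced Intelligence}},
  title        = {{AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022}},
  date         = {2022-09-13},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022},
  language     = {English},
  urldate      = {2022-09-19},
}
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022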
Conti Cobalt Strike Emotet Ryuk TrickBot
2022-08-22 | Microsoft | Microsoft
% Microsoft publication on the ransomware extortion business model; the URL is a direct CMS binary download.
@online{microsoft:20220822:extortion:67c26d4,
  author       = {Microsoft},
  title        = {{Extortion Economics - Ransomware’s new business model}},
  date         = {2022-08-22},
  organization = {Microsoft},
  url          = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE54L7v},
  language     = {English},
  urldate      = {2022-08-31},
}
Extortion Economics - Ransomware’s new business model
BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk
2022-06-23 | Kaspersky | Nikita Nazarov, Vasily Davydov, Natalya Shornikova, Vladislav Burtsev, Danila Nasonov
% Kaspersky report (PDF) on the TTPs of modern ransomware groups.
@techreport{nazarov:20220623:hateful:bae0681,
  author      = {Nazarov, Nikita and Davydov, Vasily and Shornikova, Natalya and Burtsev, Vladislav and Nasonov, Danila},
  title       = {{The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs}},
  date        = {2022-06-23},
  institution = {Kaspersky},
  url         = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf},
  language    = {English},
  urldate     = {2022-06-27},
}
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok
2022-06-15 | ThreatStop | Ofir Ashman
% ThreatStop blog post on the Conti and Hive ransomware incidents affecting Costa Rica.
@online{ashman:20220615:first:a157972,
  author       = {Ashman, Ofir},
  title        = {{First Conti, then Hive: Costa Rica gets hit with ransomware again}},
  date         = {2022-06-15},
  organization = {ThreatStop},
  url          = {https://www.threatstop.com/blog/first-conti-then-hive-costa-rica-gets-hit-with-ransomware-again},
  language     = {English},
  urldate      = {2022-06-27},
}
First Conti, then Hive: Costa Rica gets hit with ransomware again
Conti Hive Conti Hive
2022-05-12 | Intel 471 | Intel 471
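% Corporate author: without the extra braces BibTeX reads "471" as the family name.
@online{471:20220512:what:05369d4,
  author       = {{Intel 471}},
  title        = {{What malware to look for if you want to prevent a ransomware attack}},
  date         = {2022-05-12},
  organization = {Intel 471},
  url          = {https://intel471.com/blog/malware-before-ransomware-trojan-information-stealer-cobalt-strike},
  language     = {English},
  urldate      = {2022-05-13},
}
What malware to look for if you want to prevent a ransomware attack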
Conti BumbleBee Cobalt Strike IcedID Sliver
2022-05-11 | Kaspersky | GReAT
% Kaspersky Securelist article on ransomware trends observed in 2022.
@online{great:20220511:new:a56bc90,
  author       = {GReAT},
  title        = {{New ransomware trends in 2022}},
  date         = {2022-05-11},
  organization = {Kaspersky},
  url          = {https://securelist.com/new-ransomware-trends-in-2022/106457/},
  language     = {English},
  urldate      = {2022-05-17},
}
New ransomware trends in 2022
BlackCat Conti DEADBOLT DoubleZero LockBit PartyTicket StealBit
2022-05-09 | Microsoft | Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
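% Two corporate authors: each is braced separately so it stays one indivisible name, joined by the "and" separator.
@online{team:20220509:ransomwareasaservice:13ec472,
  author       = {{Microsoft 365 Defender Threat Intelligence Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}},
  date         = {2022-05-09},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself},
  language     = {English},
  urldate      = {2022-05-17},
}
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself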
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-04-21 | Secureworks | Counter Threat Unit ResearchTeam
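% Corporate author: the extra braces stop BibTeX from splitting the team name into given and family parts.
@online{researchteam:20220421:gold:5d6ad6d,
  author       = {{Counter Threat Unit ResearchTeam}},
  title        = {{GOLD ULRICK Continues Conti Operations Despite Public Disclosures}},
  date         = {2022-04-21},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/blog/gold-ulrick-continues-conti-operations-despite-public-disclosures},
  language     = {English},
  urldate      = {2022-04-29},
}
GOLD ULRICK Continues Conti Operations Despite Public Disclosures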
Conti Conti
2022-04-18 | Trellix | Marc Elias, Jambul Tologonov, Alexandre Mundo
% Trellix threat-labs write-up on the Linux variant of Conti used against ESXi hypervisors.
@online{elias:20220418:conti:b15356d,
  author       = {Elias, Marc and Tologonov, Jambul and Mundo, Alexandre},
  title        = {{Conti Group Targets ESXi Hypervisors With its Linux Variant}},
  date         = {2022-04-18},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-group-targets-esxi-hypervisors-with-its-linux-variant.html},
  language     = {English},
  urldate      = {2022-04-20},
}
Conti Group Targets ESXi Hypervisors With its Linux Variant
Conti Conti
2022-03-18 | eSentire | eSentire Threat Response Unit (TRU)
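% Corporate author: without the extra braces BibTeX reads "(TRU)" as the family name.
@online{tru:20220318:analysis:fd06091,
  author       = {{eSentire Threat Response Unit (TRU)}},
  title        = {{Analysis of Leaked Conti Intrusion Procedures by eSentire’s Threat Response Unit (TRU)}},
  date         = {2022-03-18},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/analysis-of-leaked-conti-intrusion-procedures-by-esentires-threat-response-unit-tru},
  language     = {English},
  urldate      = {2022-05-23},
}
Analysis of Leaked Conti Intrusion Procedures by eSentire’s Threat Response Unit (TRU)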
Conti Conti
2022 | Symposium on Electronic Crime Research | Ian W. Gray, Jack Cable, Benjamin Brown, Vlad Cuiujuclu, Damon McCoy
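% A symposium is a venue, not an issuing institution, so this paper is recorded as
% inproceedings with the symposium in booktitle; the citation key is unchanged.
@inproceedings{gray:2022:money:7cffc36,
  author    = {Gray, Ian W. and Cable, Jack and Brown, Benjamin and Cuiujuclu, Vlad and McCoy, Damon},
  title     = {{Money Over Morals: A Business Analysis of Conti Ransomware}},
  booktitle = {Symposium on Electronic Crime Research},
  date      = {2022},
  url       = {https://damonmccoy.com/papers/Ransomware_eCrime22.pdf},
  language  = {English},
  urldate   = {2023-04-22},
}
Money Over Morals: A Business Analysis of Conti Ransomware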
Conti Conti

There is no Yara-Signature yet.