[MART] - Daily Diary #324 - Conti Ransomware Playbook Leaked

CTAS-MAT ctas-mat at appgate.com
Wed Aug 11 21:52:56 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

08/11/2021 - Diary entry #324:

Conti Ransomware is a group which operates in the ransomware-as-a-service (RaaS) business. The gang is known for attacking organizations and affecting crucial services, such as hospitals, emergency medical services and law enforcement agencies.

Last week, an affiliate member of the group leaked the gang's technical manuals used to train affiliate members on how to access, move laterally, escalate access inside a hacked target and exfiltrate its data before encrypting the files. The affiliate's motivation was that the Conti group was not paying enough money to its operators.

Among the leaked content, there are screenshots of IP addresses where the Conti gang hosts Cobalt Strike C&C servers and files with instructions on how to use various hacking tools and legitimate software during a network intrusion.

All the information contained in the manuals can help security researchers to understand how Conti (and other ransomware families) operates.

Kind Regards,



Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
