[MART] - Daily Diary #457 - Conti Syndicate and the Successor of Trickbot

CTAS-MAT ctas-mat at appgate.com
Mon Feb 21 20:49:14 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

02/21/2022 - Diary entry #457

Covered in many of our Daily Diaries, most recently in our Daily Diary #395, Conti Ransomware is one of the most dangerous ransomware families active today, and it operates under the double-extortion model.

The Conti syndicate, the cybercrime group behind Conti Ransomware, uses multiple modules and malware pieces during its attacks, including information stealers, lateral movement tools, exploits, backdoors and botnets. Since 2016, Conti has grown considerably, becoming one of the major ransomware operations and affecting millions of devices worldwide.

Conti, in partnership with (or ownership of) the old Ryuk Ransomware operation, has been using TrickBot (covered in our Daily Diary #303) to get access to corporate networks around the world. TrickBot is, today, one of the most dangerous tools in Conti operations.

As TrickBot grew in popularity, AV solutions became better and better at detecting it. The developers behind it therefore started to develop a new malware piece, tracked under the name BazarLoader (covered in our Daily Diary #131), which is used for initial access. BazarLoader is much smaller and has very limited functionality, but it is present in the Conti toolkit as a way to breach a network while lowering the chances of detection.

Kind Regards,



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
