Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)

Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies, particularly those in North America. As with other ransomware families, actors using Conti steal sensitive files and information from compromised networks, and threaten to publish this data unless the ransom is paid.(Citation: Cybereason Conti Jan 2021)(Citation: CarbonBlack Conti July 2020)(Citation: Cybleinc Conti January 2020)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	1
Conti - S0575 (4dea7d8e-af94-4bfb-afe4-7ff54f59308b)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2