|
gptkbp:instanceOf
|
malware
|
|
gptkbp:acceptsPaymentMethod
|
gptkb:Bitcoin
|
|
gptkbp:affects
|
gptkb:government_ministry
private companies
education sector
healthcare sector
organizations worldwide
|
|
gptkbp:associatedWith
|
gptkb:Ryuk_ransomware
|
|
gptkbp:developedBy
|
gptkb:Conti_cybercrime_group
|
|
gptkbp:encryption
|
victim files
|
|
gptkbp:firstAppearance
|
2020
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Conti ransomware
|
|
gptkbp:language
|
gptkb:Russian
|
|
gptkbp:leakedBy
|
gptkb:ContiLeaks
|
|
gptkbp:notableBattle
|
gptkb:Costa_Rica_government
gptkb:Irish_Health_Service_Executive_(HSE)
|
|
gptkbp:notableFeature
|
gptkb:loyalty_program
customizable ransom notes
data leak site
fast encryption speed
highly automated attack chain
human-operated attacks
|
|
gptkbp:prohibitsTargeting
|
gptkb:CIS_countries
|
|
gptkbp:ransomNote
|
CONTI_README.txt
readme.txt
|
|
gptkbp:relatedTo
|
gptkb:Hive_ransomware
gptkb:LockBit_ransomware
gptkb:TrickBot_group
gptkb:Wizard_Spider
|
|
gptkbp:requires
|
ransom payment
|
|
gptkbp:shutDown
|
2022
|
|
gptkbp:sourceCodeLeaked
|
2022
|
|
gptkbp:target
|
gptkb:Windows_operating_system
|
|
gptkbp:uses
|
gptkb:Windows_Management_Instrumentation_(WMI)
gptkb:Cobalt_Strike
gptkb:living_off_the_land_binaries_(LOLBins)
gptkb:BazarLoader
gptkb:TrickBot
data exfiltration
phishing emails
PowerShell scripts
command and control servers
network propagation
Active Directory enumeration
double extortion
Kerberos ticket extraction
Windows Defender exclusion
credential dumping
remote desktop protocol (RDP) brute force
shadow copy deletion
|
|
gptkbp:bfsParent
|
gptkb:IcedID
gptkb:SystemBC
gptkb:Ryuk_ransomware
gptkb:TrickBot
gptkb:Wizard_Spider_group
|
|
gptkbp:bfsLayer
|
6
|