Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | cyberattack campaign |
| gptkbp:associatedWith | gptkb:Ryuk_ransomware |
| gptkbp:ceased_operations | 2022 |
| gptkbp:connectsTo | gptkb:Wizard_Spider |
| gptkbp:firstReported | 2020 |
| https://www.w3.org/2000/01/rdf-schema#label | Conti ransomware campaigns |
| gptkbp:interruptedBy | gptkb:law_enforcement |
| gptkbp:leakSite | gptkb:Conti_News |
| gptkbp:notableEvent | gptkb:HSE_Ireland_attack; Costa Rica government attack |
| gptkbp:perpetrator | gptkb:Conti_ransomware_group |
| gptkbp:ransomDemanded | gptkb:cryptocurrency |
| gptkbp:target | gptkb:government_agency; healthcare sector organizations worldwide; critical infrastructure |
| gptkbp:technique | double extortion |
| gptkbp:TTPs | gptkb:Cobalt_Strike; gptkb:Kerberos_ticket_abuse; gptkb:Windows_Defender_exclusion_abuse; data encryption; data exfiltration; phishing emails; PowerShell scripts; living off the land techniques; malicious attachments; remote access tools; RDP brute force; lateral movement; privilege escalation; scheduled tasks; network reconnaissance; credential dumping; public shaming of victims; shadow copy deletion; Active Directory compromise; disabling security software; domain controller compromise; negotiation with victims; threatening data leaks; use of Tor for communication; use of affiliate model; use of cryptocurrency wallets; use of custom ransomware builder; use of encrypted chat channels; use of remote desktop protocol; use of stolen credentials |
| gptkbp:usesMalware | gptkb:Conti_ransomware |
| gptkbp:bfsParent | gptkb:BazarLoader |
| gptkbp:bfsLayer | 6 |