
Are you a victim of the Conti Ransomware?

Threat Level – Red | Vulnerability Report

Conti ransomware targets enterprises that have not patched their systems, exploiting old vulnerabilities. It steals sensitive information from businesses and demands a ransom in exchange. CISA has issued a warning about the rise in Conti ransomware attacks. To avoid becoming a victim of Conti ransomware, the Hive Pro Threat Research team suggests patching these vulnerabilities.

The techniques used by Conti include:

- T1078 – Valid Accounts
- T1133 – External Remote Services
- T1566.001 – Phishing: Spearphishing Attachment
- T1566.002 – Phishing: Spearphishing Link
- T1059.003 – Command and Scripting Interpreter: Windows Command Shell
- T1106 – Native API
- T1055.001 – Process Injection: Dynamic-link Library Injection
- T1027 – Obfuscated Files or Information
- T1140 – Deobfuscate/Decode Files or Information
- T1110 – Brute Force
- T1558.003 – Steal or Forge Kerberos Tickets: Kerberoasting
- T1016 – System Network Configuration Discovery
- T1049 – System Network Connections Discovery
- T1057 – Process Discovery
- T1083 – File and Directory Discovery
- T1135 – Network Share Discovery
- T1021.002 – Remote Services: SMB/Windows Admin Shares
- T1080 – Taint Shared Content
- T1486 – Data Encrypted for Impact
- T1489 – Service Stop
- T1490 – Inhibit System Recovery

Actor Details

Vulnerability Details

Indicators of Compromise (IoCs)

| Type | Value |
| --- | --- |
| IPv4 | 162.244.80[.]235 |
| IPv4 | 85.93.88[.]165 |
| IPv4 | 185.141.63[.]120 |
| IPv4 | 82.118.21[.]1 |
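
An added example, not part of the Hive Pro advisory: a sweep of connection logs for the four IPv4 indicators above. It matches whole addresses, so 82.118.21[.]1 does not flag 82.118.21.10 or 182.118.21.1. The log format and sample lines are constructed assumptions.

```python
import ipaddress
import re

# IoCs exactly as published in the advisory (defanged).
DEFANGED_IOCS = [
    "162.244.80[.]235",
    "85.93.88[.]165",
    "185.141.63[.]120",
    "82.118.21[.]1",
]

# Candidate IPv4 tokens; the lookarounds stop "82.118.21.1" from matching
# inside "82.118.21.10" or "182.118.21.1", which a substring search would hit.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def refang(value: str) -> ipaddress.IPv4Address:
    """Turn '1.2.3[.]4' into a validated IPv4Address."""
    return ipaddress.IPv4Address(value.replace("[.]", "."))

IOC_SET = {refang(v) for v in DEFANGED_IOCS}

def find_hits(log_lines):
    """Return (line_number, ip, line) for each IoC address seen in the log."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for token in IPV4_TOKEN.findall(line):
            try:
                address = ipaddress.IPv4Address(token)
            except ipaddress.AddressValueError:
                continue  # not a valid address, e.g. 999.1.1.1
            if address in IOC_SET:
                hits.append((number, str(address), line))
    return hits

# Constructed sample log lines (hypothetical firewall log format).
SAMPLE_LOG = [
    "2021-09-25T10:01:02Z ALLOW tcp 10.0.4.17:49822 -> 82.118.21.1:443",
    "2021-09-25T10:01:05Z ALLOW tcp 10.0.4.17:49830 -> 82.118.21.10:443",
    "2021-09-25T10:02:11Z ALLOW tcp 10.0.9.3:50111 -> 182.118.21.1:80",
    "2021-09-25T10:03:40Z DENY  tcp 10.0.2.8:51002 -> 162.244.80.235:445",
    "2021-09-25T10:04:00Z ALLOW tcp 10.0.2.8:51010 -> 198.51.100.7:443",
]

if __name__ == "__main__":
    for number, ip, line in find_hits(SAMPLE_LOG):
        print(f"line {number}: IoC {ip}: {line}")
```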

Patch Links

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472

References

https://us-cert.cisa.gov/ncas/alerts/aa21-265a
