Are you a victim of the Conti Ransomware?

Threat Level – Red | Vulnerability Report

For a detailed advisory, download the PDF file here.

Conti ransomware targets enterprises that have not patched their systems, exploiting old vulnerabilities to gain access. It steals sensitive information from businesses and demands a ransom in exchange. CISA has issued a warning about the rise in Conti ransomware attacks. To avoid becoming a victim of Conti ransomware, the Hive Pro Threat Research team recommends patching the vulnerabilities listed below.

The MITRE ATT&CK techniques used by Conti include:

T1078 – Valid Accounts
T1133 – External Remote Services
T1566.001 – Phishing: Spearphishing Attachment
T1566.002 – Phishing: Spearphishing Link
T1059.003 – Command and Scripting Interpreter: Windows Command Shell
T1106 – Native API
T1055.001 – Process Injection: Dynamic-link Library Injection
T1027 – Obfuscated Files or Information
T1140 – Deobfuscate/Decode Files or Information
T1110 – Brute Force
T1558.003 – Steal or Forge Kerberos Tickets: Kerberoasting
T1016 – System Network Configuration Discovery
T1049 – System Network Connections Discovery
T1057 – Process Discovery
T1083 – File and Directory Discovery
T1135 – Network Share Discovery
T1021.002 – Remote Services: SMB/Windows Admin Shares
T1080 – Taint Shared Content
T1486 – Data Encrypted for Impact
T1489 – Service Stop
T1490 – Inhibit System Recovery

Actor Details

Vulnerability Details

Indicators of Compromise (IoCs)

Type    Value
IPv4    162.244.80[.]235
IPv4    85.93.88[.]165
IPv4    185.141.63[.]120
IPv4    82.118.21[.]1
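The IP addresses above are published in defanged form ("[.]" in place of "."), so they must be refanged before they can be matched against logs. The following Python script is an added example, not part of the Hive Pro advisory: it refangs the four listed IPv4 IoCs, extracts IPv4 addresses from a handful of constructed proxy and firewall log lines (the field layout is an assumption; the lines are not real traffic), and reports only exact address matches, so that 82.118.21[.]1 does not also fire on 82.118.21.10.

```python
import ipaddress
import re

# The IPv4 indicators as they appear in the advisory, still defanged.
DEFANGED_IOCS = [
    "162.244.80[.]235",
    "85.93.88[.]165",
    "185.141.63[.]120",
    "82.118.21[.]1",
]

# Constructed sample log lines (not real traffic); the key=value layout is assumed.
SAMPLE_LOGS = [
    "2021-09-22T10:01:13Z proxy src=10.0.0.15 dst=162.244.80.235 dport=443 action=allow",
    "2021-09-22T10:01:14Z proxy src=10.0.0.15 dst=162.244.80.2350 dport=443 action=allow",
    "2021-09-22T10:02:07Z fw src=10.0.0.22 dst=82.118.21.10 dport=445 action=allow",
    "2021-09-22T10:02:09Z fw src=10.0.0.22 dst=82.118.21.1 dport=445 action=allow",
    "2021-09-22T10:03:41Z dns query=example.com answer=93.184.216.34",
]

# Dotted-quad candidates that are not embedded in a longer digit/dot run,
# so "162.244.80.2350" is not read as "162.244.80.235" plus a stray digit.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into its real form."""
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def load_ioc_set(defanged: list[str]) -> set[ipaddress.IPv4Address]:
    """Refang and validate each indicator; a malformed entry raises ValueError."""
    return {ipaddress.ip_address(refang(raw)) for raw in defanged}


def extract_ipv4(line: str) -> list[ipaddress.IPv4Address]:
    """Return every syntactically valid IPv4 address in a log line (octets > 255 are dropped)."""
    found = []
    for match in IPV4_RE.finditer(line):
        try:
            found.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue
    return found


def scan_logs(lines: list[str], iocs: set[ipaddress.IPv4Address]) -> list[tuple[int, str, str]]:
    """Return (line_number, matched_ip, line) for each line containing a listed address."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for ip in extract_ipv4(line):
            if ip in iocs:
                hits.append((number, str(ip), line))
    return hits


if __name__ == "__main__":
    for number, ip, line in scan_logs(SAMPLE_LOGS, load_ioc_set(DEFANGED_IOCS)):
        print(f"line {number}: IoC {ip} -> {line}")
```

Matching on parsed addresses rather than on substrings is the point: a plain text search for "82.118.21.1" would also flag 82.118.21.10, and a search for the defanged string would find nothing at all. For production use, feed real log lines in place of SAMPLE_LOGS and consider that the IPs in this advisory may be re-assigned over time, so a hit is a lead to investigate rather than proof of compromise.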

Patch Links

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472

References

https://us-cert.cisa.gov/ncas/alerts/aa21-265a
