Conti Ransomware targets enterprises who have not patched their systems by exploiting old vulnerabilities. Conti Ransomware steals sensitive information from businesses and demands a ransom in exchange. CISA has issued a warning about the rise in Conti ransomware attacks. To avoid becoming a victim of Conti ransomware, the Hive Pro Threat Research team suggested you patch these vulnerabilities.

The techniques used by the Conti includes:

T1078 - Valid Accounts
T1133 - External Remote Services
T1566.001 - Phishing: Spearphishing Attachment
T1566.002 - Phishing: Spearphishing Link
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
T1106 - Native API
T1055.001 - Process Injection: Dynamic-link Library Injection
T1027 - Obfuscated Files or Information
T1140 - Deobfuscate/Decode Files or Information
T1110 - Brute Force
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1016 - System Network Configuration Discovery
T1049 - System Network Connections Discovery
T1057 - Process Discovery
T1083 - File and Directory Discovery
T1135 - Network Share Discovery
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1080 - Taint Shared Content
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery

Actor Details

Vulnerability Details

Indicators of Compromise (IoCs)

Type	Value
IPV4	162.244.80[.]235
85.93.88[.]165
185.141.63[.]120
82.118.21[.]1

Patch Links

<https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010>

<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>

<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>

References

<https://us-cert.cisa.gov/ncas/alerts/aa21-265a>

qualysblog 3

nessus 27

mskb 14

githubexploit 50

cisa 6

thn 8

msrc 13

cvelist 2

ics 3

threatpost 11

kaspersky 2

hivepro 1

krebs 2

checkpoint_advisories 2

kitploit 1

openvas 15

vulnrichment 1

cve 1

cert 1

ubuntu 3

suse 2

carbonblack 2

securelist 1

malwarebytes 1

ubuntucve 1

samba 1

osv 3

cisa_kev 1

mscve 1

packetstorm 1

fedora 3

redhatcve 1

zdt 1

nvd 1

ibm 1

freebsd 1

archlinux 1

debiancve 1

attackerkb 1

metasploit 1

huawei 1

talosblog 1

rapid7blog 1

mageia 1

prion 1

cbl_mariner 1

trendmicroblog 1

qualysblog

Conti Ransomware

2021-11-18 17:17:56

Ransomware Insights from the FBI’s 2021 Internet Crime Report

2022-05-04 09:40:56

Microsoft Netlogon Vulnerability (CVE-2020-1472 – Zerologon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

2020-09-15 19:55:08

nessus

KB5004948: Windows 10 1607 and Windows Server 2016 OOB Security Update RCE (July 2021)

2021-07-08 00:00:00

KB5004951: Windows 7 and Windows Server 2008 R2 OOB Security Update RCE (July 2021)

2021-07-08 00:00:00

KB5004958: Windows Server 2012 R2 OOB Security Update RCE (July 2021)

2021-07-08 00:00:00

mskb

July 6, 2021—KB5004958 (Security-only update) Out-of-band

2021-07-01 07:00:00

July 6, 2021—KB5004959 (Security-only update) Out-of-band

2021-07-01 07:00:00

July 6, 2021—KB5004946 (OS Build 18363.1646) Out-of-band

2021-07-02 00:00:00

githubexploit

Exploit for Improper Privilege Management in Microsoft

2021-07-05 17:50:56

Exploit for Improper Privilege Management in Microsoft

2021-07-07 06:41:15

Exploit for Improper Privilege Management in Microsoft

2023-08-20 12:04:18

cisa

Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

2022-03-15 00:00:00

CISA Issues Emergency Directive on Microsoft Windows Print Spooler

2021-07-13 00:00:00

Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472

2020-09-14 00:00:00

thn

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

2022-03-16 13:29:00

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare

2021-07-08 09:32:00

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web

2022-07-05 07:06:00

msrc

Windows Print Spooler の脆弱性情報 (CVE-2021-34527) に関するお客様向けガイダンス

2021-07-08 07:00:00

Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability

2021-07-08 07:00:00

Out-of-Band (OOB) Security Update available for CVE-2021-34527

2021-07-06 23:36:00

cvelist

CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability

2021-07-02 21:25:11

CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability

2020-08-17 19:13:05

ics

Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

2022-05-02 12:00:00

#StopRansomware: Black Basta

2024-05-10 12:00:00

#StopRansomware: BianLian Ransomware Group

2023-05-16 12:00:00

threatpost

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

2021-10-15 18:05:29

Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'

2021-01-15 21:47:20

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

2020-10-19 16:36:00

kaspersky

KLA12214 RCE vulnerability in Microsoft Products (ESU)

2021-07-01 00:00:00

KLA12213 RCE vulnerability in Microsoft Windows

2021-07-01 00:00:00

hivepro

Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability

2022-03-18 13:58:03

krebs

Microsoft Issues Emergency Patch for Windows Flaw

2021-07-07 14:34:59

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

2020-09-24 17:00:51

checkpoint_advisories

Windows Print Spooler Remote Code Execution (CVE-2021-34527)

2021-07-08 00:00:00

Winlogon Privilege Escalation (CVE-2020-1472)

2020-11-04 00:00:00

kitploit

Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux

2023-03-21 11:30:00

openvas

Microsoft Windows Print Spooler RCE Vulnerability (KB5005010, PrintNightmare)

2021-07-09 00:00:00

Mageia: Security Advisory (MGASA-2020-0380)

2022-01-28 00:00:00

openSUSE: Security Advisory for samba (openSUSE-SU-2020:1513-1)

2020-09-25 00:00:00

vulnrichment

CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability

2021-07-02 21:25:11

cve

CVE-2020-1472

2020-08-17 19:15:15

cert

Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector

2020-09-16 00:00:00

ubuntu

Samba vulnerability

2020-09-17 00:00:00

Samba vulnerability

2020-09-17 00:00:00

Samba update

2020-09-30 00:00:00

suse

Security update for samba (important)

2020-09-25 00:00:00

Security update for samba (important)

2020-09-24 00:00:00

carbonblack

Risk Score 101: What to look for in a Risk Score

2020-11-19 18:20:13

TAU Threat Advisory: Imminent Ransomware threat to U.S. Healthcare and Public Health Sector

2020-10-30 20:13:43

securelist

The future of cyberconflicts

2020-12-18 10:00:10

malwarebytes

The story of ZeroLogon

2021-01-19 18:37:09

ubuntucve

CVE-2020-1472

2020-09-16 00:00:00

samba

Unauthenticated domain takeover via netlogon ("ZeroLogon")

2020-09-18 00:00:00

osv

CVE-2020-1472

2020-08-17 19:15:15

samba vulnerability

2020-09-17 11:03:22

samba update

2020-09-30 13:44:33

cisa_kev

Microsoft Windows Print Spooler Remote Code Execution Vulnerability

2021-11-03 00:00:00

mscve

Netlogon Elevation of Privilege Vulnerability

2020-08-11 07:00:00

packetstorm

Zerologon Netlogon Privilege Escalation

2020-11-18 00:00:00

fedora

[SECURITY] Fedora 31 Update: samba-4.11.13-0.fc31

2020-10-04 01:26:52

[SECURITY] Fedora 32 Update: samba-4.12.7-0.fc32

2020-09-23 17:13:53

[SECURITY] Fedora 33 Update: samba-4.13.0-11.fc33

2020-09-25 17:25:08

redhatcve

CVE-2020-1472

2020-09-17 06:30:08

zdt

ZeroLogon - Netlogon Elevation of Privilege Exploit

2020-11-18 00:00:00

nvd

CVE-2020-1472

2020-08-17 19:15:15

ibm

Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management

2020-12-24 11:01:33

freebsd

samba -- Unauthenticated domain takeover via netlogon

2020-01-01 00:00:00

archlinux

[ASA-202009-17] samba: access restriction bypass

2020-09-29 00:00:00

debiancve

CVE-2020-1472

2020-08-17 19:15:15

attackerkb

CVE-2020-1472

2020-08-17 00:00:00

metasploit

Netlogon Weak Cryptographic Authentication

2020-09-17 18:28:53

huawei

Security Advisory - Netlogon Elevation of Privilege Vulnerability

2020-11-05 00:00:00

talosblog

Microsoft Netlogon exploitation continues to rise

2020-09-29 09:04:58

rapid7blog

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

2020-09-14 23:29:59

mageia

Updated samba packages fix security vulnerability

2020-09-30 13:01:40

prion

Privilege escalation

2020-08-17 19:15:00

cbl_mariner

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

2024-06-18 09:08:18

trendmicroblog

This Week in Security News: AWS Outposts Ready Launches With 32 Validated Partners and Staples Hit by a Data Breach

2020-09-18 12:03:07

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.967 High

EPSS

Percentile

99.7%

JSON

Related for HIVEPRO:8DA601C83DB9C139357327C06B06CB36