Conti - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Conti. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.conti
Campaigns
The following campaigns are known and can be associated with Conti:
- BazarLoader
- Cobalt Strike
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Conti:
There are 16 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Conti.
There are 1935 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Conti. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High |
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
3 | T1055 | CWE-74 | Injection | High |
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
6 | T1068 | CWE-264, CWE-269, CWE-270, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High |
7 | ... | ... | ... | ... |
There are 22 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Conti. This data is unique as it uses our predictive model for actor profiling.
There are 447 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
References
The following list contains external sources which discuss the actor and the associated activities:
- https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.html
- https://ddanchev.blogspot.com/2022/06/how-to-take-down-conti-ransomware-gang.html
- https://github.com/pan-unit42/iocs/blob/master/Conti_IOCs.txt
- https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Conti.csv
- https://thedfirreport.com/2021/05/12/conti-ransomware/
- https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
- https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/
- https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/
- https://twitter.com/cherryblond83/status/1498133186316062724
- https://twitter.com/vxunderground/status/1414809517993435139
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!