Conti
4 Rules · 5 References · 1 Folders · 2023-05-04 Latest
Summary
Conti is tracked here as a malware family or toolset with 4 Sigma detections spanning 2021. Coverage centers on windows / process_creation.
Related Detections
Emerging Threat · high · test
Potential Conti Ransomware Database Dumping Activity Via SQLCmd
Detects a command used by Conti to dump database
Windows · Process Creation
TA0009 · Collection, T1005 · Data from Local System, detection.emerging-threats
François Hubaut, Mon Aug 16 2021
Emerging Threat · critical · test
Potential Conti Ransomware Activity
Detects a specific command used by the Conti ransomware group
Windows · Process Creation
TA0040 · Impact, S0575 · Conti, T1486 · Data Encrypted for Impact, detection.emerging-threats
François Hubaut, Tue Oct 12 2021
Emerging Threat · high · test
Conti NTDS Exfiltration Command
Detects a command used by Conti to exfiltrate NTDS
Windows · Process Creation
TA0009 · Collection, T1560 · Archive Collected Data, detection.emerging-threats
Max Altgelt (Nextron Systems) +1, Mon Aug 09 2021
Emerging Threat · high · test
Conti Volume Shadow Listing
Detects a command used by Conti to find volume shadow backups
Windows · Process Creation
T1587.001 · Malware, TA0042 · Resource Development, detection.emerging-threats
Max Altgelt (Nextron Systems) +1, Mon Aug 09 2021
References