Conti Ransomware Group Cobalt Strike C2 Analysis & Persistence (AnyDesk, Atera, Splash)
Conti is a Ransomware-as-a-Service that was first observed in December 2019 and has been distributed via TrickBot. It has been used against major corporations and government agencies, particularly those in North America. As with other ransomware families, actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid.
https://attack.mitre.org/software/S0575/
Conti Ransomware Group Cobalt Strike C2 Infrastructure
IP: 162.244.80[.]235 & Domain: softnewspaper[.]com
IP: 85.93.88[.]165 & Domain: macrodown[.]com
IP: 185.141.63[.]120 & Domain: shanroban[.]com
IP: 82.118.21[.]1 & Domain: bmwfor[.]com
Details for 162.244.80[.]235 (softnewspaper[.]com)
Domain categorized as business/commercial.
Observed request URI: softnewspaper[.]com/jquery-3.3.1.min.js
Open ports: 22, 80, 443
HTTP 404 Not Found served on both 80 and 443, with a Content-Length of 0.
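The following is an added example (not part of the original write-up) showing how a defender can sweep proxy logs for the indicators listed above. The IP addresses, domains and the /jquery-3.3.1.min.js request path come from this page; the log format (epoch time, client IP, method, URL or host:port, status, response bytes) is an assumption chosen for the example, and the log lines themselves are constructed, not real traffic. Domain matching is done on label boundaries so that look-alike names such as notmacrodown.com do not produce false hits, and the 404/Content-Length 0 characteristic noted above is recorded only as a corroborating signal once the host already matched an indicator.

```python
import re
from urllib.parse import urlsplit

# Indicators as listed in the write-up above, in their published (defanged) form.
DEFANGED_IOCS = {
    "162.244.80[.]235": "softnewspaper[.]com",
    "85.93.88[.]165": "macrodown[.]com",
    "185.141.63[.]120": "shanroban[.]com",
    "82.118.21[.]1": "bmwfor[.]com",
}
# Request path seen on the softnewspaper[.]com host (from the write-up).
SUSPECT_URI = "/jquery-3.3.1.min.js"


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a matchable value."""
    return indicator.replace("[.]", ".")


IOC_IPS = {refang(ip) for ip in DEFANGED_IOCS}
IOC_DOMAINS = {refang(domain) for domain in DEFANGED_IOCS.values()}

# Constructed sample proxy log (not real traffic). Field order is an assumption:
# epoch-time  client-ip  method  url-or-host:port  status  response-bytes
SAMPLE_LOG = """\
1696000000.123 10.0.0.15 GET http://softnewspaper.com/jquery-3.3.1.min.js 404 0
1696000001.456 10.0.0.15 GET https://cdn.example.net/jquery-3.3.1.min.js 200 86927
1696000002.789 10.0.0.22 CONNECT 162.244.80.235:443 200 0
1696000003.001 10.0.0.31 GET http://www.macrodown.com/ 404 0
1696000004.111 10.0.0.31 GET http://notmacrodown.com/ 200 512
1696000005.222 10.0.0.40 GET http://bmwfor.com.example.org/ 200 2048
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
    r"\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def host_matches(host: str, domains: set) -> bool:
    """True when host equals an IOC domain or is a subdomain of one.
    The suffix check sits on a label boundary, so bmwfor.com.example.org
    and notmacrodown.com do not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def split_url(url: str):
    """Return (host, path) for a full URL or a CONNECT-style host:port."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse host:port without a scheme
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path


def classify(line: str):
    """Return a hit record for a line touching listed infrastructure, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, path = split_url(m["url"])
    reasons = []
    if host in IOC_IPS:
        reasons.append("ioc_ip")
    if host_matches(host, IOC_DOMAINS):
        reasons.append("ioc_domain")
    if not reasons:
        return None
    # Corroborating signals from the write-up, recorded only after a host match:
    # the jquery-style request path, and a 404 with an empty body.
    if path == SUSPECT_URI:
        reasons.append("c2_uri")
    if m["status"] == "404" and m["bytes"] == "0":
        reasons.append("404_empty")
    return {"client": m["client"], "host": host, "path": path, "reasons": reasons}


def find_hits(log_text: str) -> list:
    """Scan a whole log and return every hit, in log order."""
    return [hit for hit in (classify(line) for line in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Run against the constructed sample, three of the six lines are reported: the request to softnewspaper.com for the jquery path (with the 404/empty-body signal attached), the CONNECT to 162.244.80[.]235, and the request to www.macrodown.com; the look-alike and unrelated hosts are left alone. To apply it to real logs, adjust LOG_RE to your proxy's field order and feed the file contents to find_hits.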