Potential Conti Ransomware Activity

Rule Info

Name
Potential Conti Ransomware Activity
Author
Florian Roth
Description
Detects a specific command line pattern based on flags used by the Conti ransomware
Reference
https://www.group-ib.com/blog/dragonforce-ransomware/
Date
2024-10-07 00:00:00
Modified
None
Id
1baa5ba4-e740-44d5-b2d2-d6d5550bf46b
Tags
attack.impact attack.s0575 attack.t1486
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022