CONTI
Predicted CVEs (2) CORRELATION
How does prediction work?
Predicted CVEs are identified through automated correlation using multiple sources: vendor/product profiles historically targeted by the group (MITRE ATT&CK), attack chain patterns (KEV + TTPs), threat intelligence (MISP, STIX), and AI analysis. These CVEs have not been confirmed as exploited by this specific group, but have a high probability of being targets based on the actor's operational profile.
ATT&CK Techniques (23)
T1078.002
Valid Accounts: Domain Accounts
Initial Access
T1190
Exploit Public-Facing Application
Initial Access
T1566.001
Phishing: Spearphishing Attachment
Initial Access
T1047
Windows Management Instrumentation
Execution
T1059.001
Command and Scripting Interpreter: PowerShell
Execution
T1136.002
Create Account: Domain Account
Persistence
T1547.001
Boot or Logon Autostart Execution: Registry Run Keys
Persistence
T1068
Exploitation for Privilege Escalation
Privilege Escalation
T1218.011
Signed Binary Proxy Execution: Rundll32
Defense Evasion
T1562.001
Disable or Modify Tools
Defense Evasion
T1003.001
OS Credential Dumping: LSASS Memory
Credential Access
T1003.003
OS Credential Dumping: NTDS
Credential Access
T1046
Network Service Discovery
Discovery
T1482
Domain Trust Discovery
Discovery
T1021.001
Remote Services: Remote Desktop Protocol
Lateral Movement
T1021.002
Remote Services: SMB/Windows Admin Shares
Lateral Movement
T1005
Data from Local System
Collection
T1560.001
Archive Collected Data: Archive via Utility
Collection
T1567.002
Exfiltration Over Web Service: Exfiltration to Cloud Storage
Exfiltration
T1071.001
Application Layer Protocol: Web Protocols
Command and Control
T1219
Remote Access Software
Command and Control
T1486
Data Encrypted for Impact
Impact
T1490
Inhibit System Recovery
Impact