CONTI

RANSOMWARE

Predicted CVEs (2) CORRELATION

How does prediction work?

Predicted CVEs are identified through automated correlation using multiple sources: vendor/product profiles historically targeted by the group (MITRE ATT&CK), attack chain patterns (KEV + TTPs), threat intelligence (MISP, STIX), and AI analysis. These CVEs have not been confirmed as exploited by this specific group, but have a high probability of being targets based on the actor's operational profile.

CVE-2020-1472 MEDIUM Microsoft Windows Server version 2004 high 5.5 CVE-2020-1472 MEDIUM Microsoft Windows Server version 2004 predicted 5.5

ATT&CK Techniques (23)

T1078.002 Valid Accounts: Domain Accounts Initial Access T1190 Exploit Public-Facing Application Initial Access T1566.001 Phishing: Spearphishing Attachment Initial Access T1047 Windows Management Instrumentation Execution T1059.001 Command and Scripting Interpreter: PowerShell Execution T1136.002 Create Account: Domain Account Persistence T1547.001 Boot or Logon Autostart Execution: Registry Run Keys Persistence T1068 Exploitation for Privilege Escalation Privilege Escalation T1218.011 Signed Binary Proxy Execution: Rundll32 Defense Evasion T1562.001 Disable or Modify Tools Defense Evasion T1003.001 OS Credential Dumping: LSASS Memory Credential Access T1003.003 OS Credential Dumping: NTDS Credential Access T1046 Network Service Discovery Discovery T1482 Domain Trust Discovery Discovery T1021.001 Remote Services: Remote Desktop Protocol Lateral Movement T1021.002 Remote Services: SMB/Windows Admin Shares Lateral Movement T1005 Data from Local System Collection T1560.001 Archive Collected Data: Archive via Utility Collection T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration T1071.001 Application Layer Protocol: Web Protocols Command and Control T1219 Remote Access Software Command and Control T1486 Data Encrypted for Impact Impact T1490 Inhibit System Recovery Impact