| https://threatpost.com/affiliate-leaks-conti-ransomware-playbook/168442 |
| https://unit42.paloaltonetworks.com/conti-ransomware-gang |
| https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html |
| https://intel471.com/blog/malware-before-ransomware-trojan-information-stealer-cobalt-strike |
| https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/23093553/Common-TTPs-of-the-modern-ransomware_low-res.pdf |
| https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE54L7v |
| https://securelist.com/new-ransomware-trends-in-2022/106457/ |
| https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 |
| https://www.esentire.com/blog/analysis-of-leaked-conti-intrusion-procedures-by-esentires-threat-response-unit-tru |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.secureworks.com/blog/gold-ulrick-continues-conti-operations-despite-public-disclosures |
| https://www.threatstop.com/blog/first-conti-then-hive-costa-rica-gets-hit-with-ransomware-again |
| https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-group-targets-esxi-hypervisors-with-its-linux-variant.html |
| https://www.youtube.com/watch?v=cYx7sQRbjGA |
| http://chuongdong.com/reverse%20engineering/2020/12/15/ContiRansomware/ |
| https://0xthreatintel.medium.com/reversing-conti-ransomware-bfce15019e74 |
| https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel |
| https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf |
| https://arcticwolf.com/resources/blog/conti-ransomware-leak-analyzed |
| https://arcticwolf.com/resources/blog/karakurt-web |
| https://areteir.com/wp-content/uploads/2020/08/Arete_Insight_Is-Conti-the-new-Ryuk_August2020.pdf |
| https://assets.sentinelone.com/ransomware-enterprise/conti-ransomware-unpacked |
| https://attackiq.com/2022/06/15/attack-graph-emulating-the-conti-ransomware-teams-behaviors/ |
| https://blog.bushidotoken.net/2022/04/lessons-from-conti-leaks.html |
| https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti |
| https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/ |
| https://blog.qualys.com/vulnerabilities-threat-research/2021/11/18/conti-ransomware |
| https://blog.reversinglabs.com/blog/conversinglabs-ep-2-conti-pivots-as-ransomware-as-a-service-struggles |
| https://blog.talosintelligence.com/2021/09/Conti-leak-translation.html |
| https://blog.talosintelligence.com/2022/05/conti-and-hive-ransomware-operations.html |
| https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger |
| https://blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html |
| https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf |
| https://cluster25.io/2022/03/02/contis-source-code-deep-dive-into/ |
| https://cocomelonc.github.io/investigation/2022/03/27/malw-inv-conti-1.html |
| https://cocomelonc.github.io/investigation/2022/04/11/malw-inv-conti-2.html |
| https://cocomelonc.github.io/tutorial/2022/04/02/malware-injection-18.html |
| https://content.secureworks.com/-/media/Files/US/Reports/Monthly%20Threat%20Intelligence/Secureworks_ECO1_ThreatIntelligenceExecutiveReport2022Vol2.ashx |
| https://cti-league.com/wp-content/uploads/2021/02/CTI-League-Darknet-Report-2021.pdf |
| https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-powershell-proxyshell-conti-ttps-oh-my |
| https://cyware.com/news/ransomware-becomes-deadlier-conti-makes-the-most-money-39e17bae/ |
| https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3 |
| https://documents.trendmicro.com/assets/pdf/datasheet-ransomware-in-Q1-2022.pdf |
| https://eclypsium.com/2022/06/02/conti-targets-critical-firmware/ |
| https://github.com/TheParmak/conti-leaks-englished |
| https://github.com/cdong1012/ContiUnpacker |
| https://github.com/whichbuffer/Conti-Ransomware-IOC |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf |
| https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf |
| https://intel471.com/blog/conti-emotet-ransomware-conti-leaks |
| https://intel471.com/blog/conti-leaks-cybercrime-fire-team |
| https://intel471.com/blog/conti-vs-monti-a-reinvention-or-just-a-simple-rebranding |
| https://intel471.com/blog/shipping-companies-ransomware-credentials |
| https://ke-la.com/to-attack-or-not-to-attack-targeting-the-healthcare-sector-in-the-underground-ecosystem/ |
| https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/ |
| https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ |
| https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/ |
| https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/ |
| https://lifars.com/wp-content/uploads/2021/10/ContiRansomware_Whitepaper.pdf |
| https://marcoramilli.com/2021/11/07/conti-ransomware-cheat-sheet/ |
| https://medium.com/@arnozobec/analyzing-conti-leaks-without-speaking-russian-only-methodology-f5aecc594d1b |
| https://medium.com/@whickey000/how-i-cracked-conti-ransomware-groups-leaked-source-code-zip-file-e15d54663a8 |
| https://medium.com/cycraft/the-road-to-ransomware-resilience-c1ca37036efd |
| https://nakedsecurity.sophos.com/2021/08/06/conti-ransomware-affiliate-goes-rogue-leaks-company-data/ |
| https://news.sophos.com/en-us/2021/02/16/conti-ransomware-attack-day-by-day/ |
| https://news.sophos.com/en-us/2021/02/16/conti-ransomware-evasive-by-nature/ |
| https://news.sophos.com/en-us/2021/02/16/what-to-expect-when-youve-been-hit-with-conti-ransomware/ |
| https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ |
| https://news.sophos.com/en-us/2022/02/22/cyberthreats-during-russian-ukrainian-tensions-what-can-we-learn-from-history-to-be-prepared/ |
| https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/?cmp=30728 |
| https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/ |
| https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/ |
| https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE54L7v |
| https://redcanary.com/blog/intelligence-insights-november-2021/ |
| https://research.checkpoint.com/2022/leaks-of-conti-ransomware-group-paint-picture-of-a-surprisingly-normal-tech-start-up-sort-of/ |
| https://research.nccgroup.com/2022/03/31/conti-nuation-methods-and-techniques-observed-in-operations-post-the-leaks/ |
| https://research.nccgroup.com/2022/04/29/adventures-in-the-land-of-bumblebee-a-new-malicious-loader/ |
| https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf |
| https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098 |
| https://securelist.com/luna-black-basta-ransomware/106950 |
| https://securelist.com/modern-ransomware-groups-ttps/106824/ |
| https://securityaffairs.co/wordpress/128190/cyber-crime/conti-ransomware-takes-over-trickbot.html |
| https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force_Final_Report.pdf |
| https://share.vx-underground.org/Conti/ |
| https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/log4j-vulnerabilities-attacks |
| https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-hive-conti-avoslocker |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://thedfirreport.com/2021/05/12/conti-ransomware/ |
| https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/ |
| https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/ |
| https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/ |
| https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/ |
| https://thedfirreport.com/2021/12/13/diavol-ransomware/ |
| https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/ |
| https://thehackernews.com/2022/05/malware-analysis-trickbot.html |
| https://therecord.media/conti-leaks-the-panama-papers-of-ransomware/ |
| https://therecord.media/conti-ransomware-gang-chats-leaked-by-pro-ukraine-member/ |
| https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/ |
| https://threatpost.com/affiliate-leaks-conti-ransomware-playbook/168442/ |
| https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/ |
| https://threatpost.com/conti-ransomware-v-3-including-decryptor-leaked/179006/ |
| https://twitter.com/AltShiftPrtScn/status/1350755169965924352 |
| https://twitter.com/AltShiftPrtScn/status/1417849181012647938 |
| https://twitter.com/AltShiftPrtScn/status/1423188974298861571 |
| https://twitter.com/TheDFIRReport/status/1498642512935800833 |
| https://unit42.paloaltonetworks.com/bumblebee-malware-projector-libra/ |
| https://unit42.paloaltonetworks.com/conti-ransomware-gang/ |
| https://us-cert.cisa.gov/ncas/alerts/aa21-265a |
| https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/ |
| https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf |
| https://www.advanced-intel.com/post/hunting-for-corporate-insurance-policies-indicators-of-ransom-exfiltrations |
| https://www.advanced-intel.com/post/secret-backdoor-behind-conti-ransomware-operation-introducing-atera-agent |
| https://www.advintel.io/post/24-hours-from-log4shell-to-local-admin-deep-dive-into-conti-gang-attack-on-fortune-500-dfir |
| https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love |
| https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape |
| https://www.advintel.io/post/hydra-with-three-heads-blackbyte-the-future-of-ransomware-subsidiary-groups |
| https://www.advintel.io/post/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement |
| https://www.bankinfosecurity.com/cybercrime-moves-conti-ransomware-absorbs-trickbot-malware-a-18573 |
| https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook/ |
| https://www.bleepingcomputer.com/news/security/cisa-updates-conti-ransomware-alert-with-nearly-100-domain-names/ |
| https://www.bleepingcomputer.com/news/security/conti-ransomware-gang-takes-over-trickbot-malware-operation/ |
| https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/ |
| https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/ |
| https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/ |
| https://www.bleepingcomputer.com/news/security/hhs-conti-ransomware-encrypted-80-percent-of-irelands-hse-it-systems/ |
| https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/ |
| https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-hive-ransomware/ |
| https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/ |
| https://www.bleepingcomputer.com/news/security/taiwanese-apple-and-tesla-contractor-hit-by-conti-ransomware/ |
| https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/ |
| https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf |
| https://www.clearskysec.com/wp-content/uploads/2021/02/Conti-Ransomware.pdf |
| https://www.connectwise.com/resources/conti-profile |
| https://www.coveware.com/blog/2022/1/26/ransomware-as-a-service-innovation-curve |
| https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound |
| https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware |
| https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-to-defend-against-conti-darkside-revil-and-other-ransomware/ |
| https://www.crowdstrike.com/blog/wizard-spider-adversary-update/ |
| https://www.cyberark.com/resources/threat-research-blog/conti-group-leaked |
| https://www.cybereason.com/blog/cybereason-vs.-conti-ransomware |
| https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware |
| https://www.cyberscoop.com/ransomware-gang-conti-bounced-back/ |
| https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/ |
| https://www.cynet.com/attack-techniques-hands-on/shelob-moonlight-spinning-a-larger-web/ |
| https://www.darktrace.com/en/blog/the-double-extortion-business-conti-ransomware-gang-finds-new-avenues-of-negotiation/ |
| https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide |
| https://www.dragos.com/blog/industry-news/dragos-ics-ot-ransomware-analysis-q4-2021/ |
| https://www.dragos.com/blog/industry-news/suspected-conti-ransomware-activity-in-the-auto-manufacturing-sector/ |
| https://www.eldiario.es/tecnologia/capos-cibercrimen-avisan-contratacaran-si-hackea-rusia_1_8795458.html |
| https://www.elliptic.co/blog/conti-ransomware-nets-at-least-25.5-million-in-four-months |
| https://www.esentire.com/blog/analysis-of-leaked-conti-intrusion-procedures-by-esentires-threat-response-unit-tru |
| https://www.esentire.com/blog/conti-affiliate-exposed-new-domain-names-ip-addresses-and-email-addresses-uncovered-by-esentire |
| https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider |
| https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/ |
| https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf |
| https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox |
| https://www.ic3.gov/Media/News/2021/210521.pdf |
| https://www.ironnet.com/blog/ransomware-graphic-blog |
| https://www.mbsd.jp/2022/03/08/assets/images/MBSD_Summary_of_ContiLeaks_Rev3.pdf |
| https://www.mbsd.jp/research/20210413/conti-ransomware/ |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.ncsc.gov.ie/pdfs/HSE_Conti_140521_UPDATE.pdf |
| https://www.prevailion.com/what-wicked-webs-we-unweave/ |
| https://www.prodaft.com/m/reports/Conti_TLPWHITE_v1.6_WVcSEtc.pdf |
| https://www.prodaft.com/m/reports/WizardSpider_TLPWHITE_v.1.4.pdf |
| https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf |
| https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html |
| https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-annex-download.pdf |
| https://www.redhotcyber.com/post/il-ransomware-conti-si-schiera-a-favore-della-russia |
| https://www.secureworks.com/blog/gold-ulrick-continues-conti-operations-despite-public-disclosures |
| https://www.secureworks.com/blog/gold-ulrick-leaks-reveal-organizational-structure-and-relationships |
| https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-one |
| https://www.sekoia.io/en/an-insider-insights-into-conti-operations-part-two/ |
| https://www.silentpush.com/blog/consequences-the-conti-leaks-and-future-problems |
| https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html |
| https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf |
| https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf |
| https://www.threatstop.com/blog/conti-ransomware-source-code-leaked |
| https://www.threatstop.com/blog/first-conti-then-hive-costa-rica-gets-hit-with-ransomware-again |
| https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-group-targets-esxi-hypervisors-with-its-linux-variant.html |
| https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html |
| https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-sound-of-malware.html |
| https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/c/cyberattacks-are-prominent-in-the-russia-ukraine-conflict/IOC%20Resource%20for%20Russia-Ukraine%20Conflict-Related%20Cyberattacks-03032022.pdf |
| https://www.trendmicro.com/en_us/research/22/c/cyberattacks-are-prominent-in-the-russia-ukraine-conflict.html |
| https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-as-a-service-enabler-of-widespread-attacks |
| https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-double-extortion-and-beyond-revil-clop-and-conti |
| https://www.trendmicro.com/vinfo/us/security/news/ransomware-by-the-numbers/lockbit-conti-and-blackcat-lead-pack-amid-rise-in-active-raas-and-extortion-groups-ransomware-in-q1-2022 |
| https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-conti |
| https://www.trmlabs.com/post/analysis-corroborates-suspected-ties-between-conti-and-ryuk-ransomware-groups-and-wizard-spider |
| https://www.truesec.com/hub/blog/proxyshell-qbot-and-conti-ransomware-combined-in-a-series-of-cyber-attacks |
| https://www.unh4ck.com/detection-engineering-and-threat-hunting/lateral-movement/detecting-conti-cobaltstrike-lateral-movement-techniques-part-1 |
| https://www.unh4ck.com/detection-engineering-and-threat-hunting/lateral-movement/detecting-conti-cobaltstrike-lateral-movement-techniques-part-2 |
| https://www.youtube.com/watch?v=cYx7sQRbjGA |
| https://www.youtube.com/watch?v=hmaWy9QIC7c |
| https://www.youtube.com/watch?v=uORuVVQzZ0A |
| https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/ |
| https://www.zscaler.com/blogs/security-research/conti-ransomware-attacks-persist-updated-version-despite-leaks |
| https://yoroi.company/research/conti-ransomware-source-code-a-well-designed-cots-ransomware/ |
