Rewterz Threat Alert – Leaked Conti Ransomware Used to Target
Russia - Active IOCs - Rewterz
Published: 2022-04-11 · Archived: 2026-04-05 19:04:21 UTC
Severity
High
Analysis Summary
Conti ransomware was discovered in December 2019 and is delivered via TrickBot. It’s been utilized against large
companies and government institutions across the world, especially in North America. Conti steals important files
and information from targeted networks and threatens to disseminate it unless the ransom is paid. Conti
ransomware enhances performance by utilizing “up to 32 simultaneous encryption operations,” and is very likely
directly controlled by its controllers. This ransomware can target network-based resources while ignoring local
files. This feature has the noticeable impact of being able to create targeted harm in an environment in a way that
might hinder incident response actions.
During the Russian-Ukrainian cyber warfare, threat groups and hacktivists have taken sides in support of either
party. Russian originator Conti announced their support for Russia, but shortly after their data was breached and
code for the ransomware was leaked. Similarly, NB65 group took Ukraine’s side and retaliated with attacks on
VGTRK and the Russian Space Agency ‘Roscosmos’.
The group has created a unique ransomware from the leaked conti code and changed the ransomware note,
added .NB65 extension to the encrypted file’s names, and the encryption process was also modified to change the
decryptor.
Impact
Sensitive File Theft
File Encryption
Indicators of Compromise
Domain Name
thulleultinn[.]club
vaclicinni[.]xyz
tapavi[.]com
https://www.rewterz.com/rewterz-news/rewterz-threat-alert-leaked-conti-ransomware-used-to-target-russia-active-iocs
Page 1 of 2

oxythuler[.]cyou
dictorecovery[.]cyou
contirecovery[.]best
IP
83[.]97[.]20[.]160
82[.]118[.]21[.]1
68[.]183[.]20[.]194
23[.]82[.]140[.]137
Remediation
Block the threat indicators at their respective controls.
Search for IOCs in your environment.
Source: https://www.rewterz.com/rewterz-news/rewterz-threat-alert-leaked-conti-ransomware-used-to-target-russia-active-iocs
https://www.rewterz.com/rewterz-news/rewterz-threat-alert-leaked-conti-ransomware-used-to-target-russia-active-iocs
Page 2 of 2