Conti Recon And Initial Access

Stage a phishing email in the user's Documents directory, then open it. Next, stage and launch a malicious PDF in the user's Downloads directory. The malicious PDF creates a C:\Conti directory to stage and launch a Jambi agent.

This chain includes the following resources:

TTPs
  • Stage and launch Jambi
  • Stage and execute Conti phishing email
  • Stage and launch Conti phishing payload
Supported platforms
  • windows
Supported executors
  • psh
Payloads
  • Jambi-Windows.ps1
  • fromrussiawithlove.eml
  • fromrussiawithlove.pdf
In The News
Conti Ransom Gang Starts Selling Access to Victims – Krebs on Security
Threat Intel
Conti Ransomware | CISA

Use Prelude chains to test your defense with simulated adversaries.
New chains drop weekly on #TTPtuesday

The Prelude Operator App

Run attack chains in the Prelude Operator app, available on all systems. Defend your organization by mimicking real adversarial attacks, and more.

Upcoming

Next Chain Drop
2022-01-18

More Chains

S(C)wipe

2022-01-04
tactics
impact
Tags
ransomware
destructive
Platforms
linux
The purpose of this chain is to deliver a ransomware attack (for Linux) without using a traditional encryption method, which makes it harder to detect and exercises a potential “blind spot” in current defenses.

Latest Drop

Conti Recon And Initial Access

2022-01-11
tactics
execution
initial-access
Tags
Platforms
windows