Disgruntled Ransomware Affiliate Leaks the Conti Gang’s Technical Manuals

The leak will help some security firms put together stronger defensive playbooks that they can recommend to their customers in order to improve their ability to detect Conti intrusions—now knowing exactly what operations Conti affiliates might execute.

A disgruntled member of the Conti ransomware program has leaked today the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files.

Leaked on an underground cybercrime forum named XSS earlier today, the files were shared by an individual who appears to have had an issue with the low amount of money the Conti gang was paying them to breach corporate networks.

XSS-Conti-leak
IMAGE: THE RECORD
XSS-Conti-leak-Cobalt
IMAGE: THE RECORD

In messages spammed across the forum, the individual shared screenshots of IP addresses where the Conti gang hosts Cobalt Strike command-and-control servers, which Conti affiliate members use to access hacked company networks.

In addition, the individual also published a RAR archive named “Мануали для работяг и софт.rar,” which roughly translates to “Manuals for hard workers and software.rar.”

This archive contains 37 text files with instructions on how to use various hacking tools and even legitimate software during a network intrusion.

For example, the leaked manuals contain guides on how to:

  • configure the Rclone software with a MEGA account for data exfiltration
  • configure the AnyDesk software as a persistence and remote access solution into a victim’s network [a known Conti tactic]
  • configure and use the Cobalt Strike agent
  • use the NetScan tool to scan internal networks
  • install the Metasploit pen-testing framework on a virtual private server (VPS)
  • connect to hacked networks via RDP using a Ngrok secure tunnel
  • elevate and gain admin rights inside a company’s hacked network
  • take over domain controllers
  • dump passwords from Active Directories (NTDS dumping)
  • perform SMB brute-force attacks
  • brute-force routers, NAS devices, and security cameras
  • use the ZeroLogon exploit
  • perform a Kerberoasting attack
  • disable Windows Defender protections
  • delete shadow volume copies
  • how affiliates can configure their own operating systems to use the Tor anonymity network, and more
XSS-Conti-leakk-files
IMAGE: THE RECORD

Leaks from Ransomware-as-a-Service (RaaS) operations are extremely rare; however, the data shared today isn’t anything that security researchers would describe as groundbreaking.

The leaked files contain guides for basic offensive tactics and techniques that the Conti and other ransomware gangs have used during previous intrusions for years.

However, the leak will help some security firms put together stronger defensive playbooks that they can recommend to their customers in order to improve their ability to detect Conti intrusions—now knowing exactly what operations Conti affiliates might execute.

Picture of Michael Duff

Michael Duff

Leave a Replay

Search

Our Latest News

FL Computer Tech is best choice for Managed-IT in Florida but what about the rest of the US? Choosing the right Managed Service Provider, aka MSP, is a daunting and critical responsibility and that’s why we created the  OutSourced MSP website.  OutSourced MSP is a Managed Service Provider directory website that helps businesses nationwide find reputable, Managed-IT services. Check it out!

Recent Posts

AddOn – AI and ML Connectivity Brochure

As AI environments scale, connectivity issues can impact performance and efficiency. ⚡ This brochure highlights @AddOn transceivers and cabling solutions validated for compatibility across leading platforms and real-world deployments. Take a closer look at connectivity designed to support reliable AI and ML performance at scale.

Read More »

Upgrade to the power of Windows 11 with Intel vPro

⏳ It’s time to upgrade. Download the datasheet, “Upgrade to the power of Windows 11 with Intel vPro,” for an overview of features in Windows 11 Pro with Intel vPro that reduce security incidents by 62% and speed workflows by 50%. Then, message us to start planning your upgrade with expert support. @Microsoft Windows

Read More »

Transitioning from Windows 10: A Strategic Guide

Successful upgrades start with a foundation you can trust. 🛡️ The eBook, “Transitioning from Windows 10: A Strategic Guide,” explains how Copilot+ PCs with Intel vPro simplify deployment and endpoint security. Download your complimentary copy to explore how your organization can move forward with the highest levels of security and manageability. @Microsoft Windows @Microsoft Copilot

Read More »

Follow Us

Video Archive

Sign up for our Newsletter

Looking for the latest in technology news? Do you like tips, tricks and shortcuts? Sign up today!

Looking for the Best Managed-IT Business Solutions?

Need immediate computer support? A certified technician is only a call and a click away.

Subscribe our newsletter to get our latest update & news

3501 Quadrangle Blvd
Suite #305
Orlando, FL 32817

1-(941) 564-5464

Open Hours:

Mon - Sat: 8 am - 5 pm,
Sunday: CLOSED
24/7 Emergency Services Available