In my most recent analysis of the Conti Ransomware Gang I established a direct connection between a Russia-based rap and hip-hop recording studio and members of the Conti Ransomware Gang.
The following attribution analysis provides an in-depth elaboration, with an additional set of related comments and never-before-discussed or published personally identifiable technical information, confirming the results of my original methodology. In that work I offered practical and relevant OSINT research and analysis on cyber threat actors directly related to the Conti Ransomware Gang, specifically a Conti team member who produces the gang’s marketing and advertising creative and who also produces related marketing and advertising creative for other clients, companies and organizations.
In this analysis I’ll take an in-depth look at the primary sources I used to obtain the leaked internal Conti Ransomware Gang communication, and at the process, based on my methodology for data mining their leaked and publicly accessible internal communication, which produced remarkable and never-before-discussed or published personally identifiable information on some of the gang’s key activities, in particular their “upcoming” brands and their advertising and marketing creative.
I will also elaborate on and verify some of my previous research, in particular the EXIF file analysis of internal leaked screenshots and related marketing and advertising creative of the gang. I obtained these by first gaining access to their publicly accessible leaked internal communication and then using my methodology to data mine, process and enrich it, which produced the big picture and an additional set of personally identifiable information on some of their “upcoming” brands and related activities, for instance several Russia-based rap and hip-hop recording studios, a children’s online store, several Russia-based fashion brands and a charity foundation. Using my methodology, research and analysis, I did my best to collect the necessary details on the individuals behind these.
Key summary points:
Examples using EXIF analysis indicate that the same individual who hosts the entire Conti Ransomware Gang marketing and advertising compilation on Yandex Disk is indeed doing so, and that members of the Russia-based Plastika rap and hip-hop recording studio are producing the Conti Ransomware Gang’s marketing and advertising creative, including members of their own marketing and advertising creative team, namely W8D8DIGITAL, who are also busy producing marketing and advertising creative for the Conti Ransomware Gang:
Sample screenshot of internal leaked Conti Ransomware Gang URLs, representing screenshots and images courtesy of the gang, which were automatically obtained for the purpose of data mining their internal leaked communication.
Sample Conti Ransomware Gang Cyber Threat Actor Attribution Analysis Methodology:
Sample images and videos involved in the analysis include:
111.avi - ae_project_link_full_path - X:\YandexDisk\DESIGN\баннеры-новые-234\Untitled Project.aep
ebases.mp4 - ae_project_link_full_path - X:\W8D8\VIDEOproj\email-bases1.aep
red2.avi - ae_project_link_full_path - C:\Users\plast\Documents\Adobe\Premiere Pro\14.0\Без названия.prproj
www.mp4 - ae_project_link_full_path - X:\W8D8\VIDEOproj\banner-www.aep
БАННЕРскруджд.avi - ae_project_link_full_path - C:\Users\AAA\AQ\proj.video\Без имени (видео)\баннер планетка.prpro
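The ae_project_link_full_path values above are worth more than a glance: a rendered video carries the full path of the project it was exported from, which exposes the Windows user profile name, the drive and top-level folder (a synced share such as X:\YandexDisk or X:\W8D8), and the language of the folder names. The following Python script is an added example, not the author’s own tooling, and takes the five paths listed above as constructed input (they are the values as printed on this page, not read from the files). It pulls out those attributes and clusters the rendered files by likely workstation so that files from the same machine or share can be grouped, which is the pivot used throughout this analysis. Metadata of this kind is trivially editable, so a cluster is a lead to corroborate, not a conclusion.

```python
import re
from collections import defaultdict

# Constructed sample input: the (rendered file, embedded project path) pairs
# listed on the page, typed in here rather than extracted from the media.
SAMPLE_RECORDS = [
    ("111.avi", r"X:\YandexDisk\DESIGN\баннеры-новые-234\Untitled Project.aep"),
    ("ebases.mp4", r"X:\W8D8\VIDEOproj\email-bases1.aep"),
    ("red2.avi", r"C:\Users\plast\Documents\Adobe\Premiere Pro\14.0\Без названия.prproj"),
    ("www.mp4", r"X:\W8D8\VIDEOproj\banner-www.aep"),
    ("БАННЕРскруджд.avi", r"C:\Users\AAA\AQ\proj.video\Без имени (видео)\баннер планетка.prpro"),
]

# Matches "<drive>:\Users\<profile>\" at the start of a Windows path and
# captures the profile (account) name.
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def analyze_path(path):
    """Return the attribution-relevant pieces of one embedded project path."""
    parts = path.split("\\")
    drive = parts[0] if parts and parts[0].endswith(":") else None
    m = USER_PROFILE_RE.match(path)
    return {
        "drive": drive,
        # First folder under the drive, e.g. "YandexDisk" or "W8D8" (a share
        # or sync folder) or "Users" (a local profile path).
        "top_folder": parts[1] if len(parts) > 1 else None,
        "user_profile": m.group(1) if m else None,
        "project_file": parts[-1],
        # Cyrillic folder or file names hint at a Russian-language setup.
        "has_cyrillic": any("\u0400" <= ch <= "\u04ff" for ch in path),
    }


def cluster_records(records):
    """Group rendered files by a workstation key: the user profile when the
    path is a local profile path, otherwise drive plus top-level folder."""
    clusters = defaultdict(list)
    for name, path in records:
        info = analyze_path(path)
        if info["user_profile"]:
            key = ("user", info["user_profile"])
        else:
            key = (info["drive"], info["top_folder"])
        clusters[key].append(name)
    return dict(clusters)


def summarize(records):
    """Human-readable lines, one per rendered file, for a report."""
    lines = []
    for name, path in records:
        info = analyze_path(path)
        who = info["user_profile"] or f"{info['drive']}\\{info['top_folder']}"
        lines.append(f"{name}: origin={who} project={info['project_file']} "
                     f"cyrillic={info['has_cyrillic']}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_RECORDS):
        print(line)
    for key, names in cluster_records(SAMPLE_RECORDS).items():
        print(key, "->", names)
```

In practice the path would be read from the file's XMP block with a metadata tool such as exiftool and fed into analyze_path; the clustering then shows at once that two of the five renders came from the same X:\W8D8 share while two others came from distinct local profiles.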
Sample EXIF related details for this campaign include:
Related image:
EXIF metadata on one of the images obtained from the Conti Ransomware Gang’s leaked internal communication using public sources, indicating that the author of the image is Reformer Graphics
Reformer Graphics (Belarus)
Sovetskaya str., 48/15, Grodno, 230021, Belarus
Phone: +79107337839
E-mail: hello[.]reformermockup.com
hxxp://graphicriver.net/user/_reformer_
hxxp://packreate.com/vendor/cct/
hxxp://reformermockup.com/
hxxp://dribbble.com/Reformer_graphics
hxxp://www.facebook.com/ReformerMockup
hxxp://www.behance.net/marlot13a49
hxxp://twitter.com/SiarheiTsitou
hxxp://www.facebook.com/iReformer
hxxp://www.instagram.com/reformer_mockup/
hxxp://www.pinterest.com/cct0594/
Sample photos from the obtained compilation:
Sample related photos: