Here's a thread on some of the interesting things we've seen in the #ContiLeaks.
If you would like to read the chat logs and TrickBot Forum information, @Kostastsale has translated them to English here: github.com/tsale/translat…. He will be adding more as things get leaked.
New chat logs from 26 Feb to 28 Feb were released. They included an entertaining exchange where the user "pumba" was not happy with their work partner "tramp" (also referred to as "trump"). "Pumba" ends the conversation by asking to be moved to another team. #ContiLeaks
Leaked Bazar Bot panels show hundreds of past infected clients. Entries contain comments that include reconnaissance of revenue, and tracking work to be done. #ContiLeaks
1. Dump LSASS via #CobaltStrike, RDP, Mimikatz
2. AnyDesk install/exec
3. Scheduled task and wmic exec
4. AdFind! The same script we've been seeing since 2019
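For defenders, the four behaviours listed above can be correlated per host, since tools such as schtasks or AnyDesk are too common to alert on alone. This is an added example, not code from the thread or the leaks: the events are constructed, the rule names are hypothetical, and command-line matching of this kind does not cover LSASS access through Cobalt Strike or an RDP session.

```python
import re
from datetime import datetime, timedelta

# Hypothetical rule names, one per behaviour in the list above.
RULES = {
    "lsass_dump": re.compile(r"mimikatz|lsass", re.I),
    "anydesk": re.compile(r"anydesk", re.I),
    "schtask_wmic": re.compile(
        r"schtasks(\.exe)?\s.*/create|wmic(\.exe)?\s.*process\s+call\s+create", re.I),
    "adfind": re.compile(r"adfind", re.I),
}

# Constructed process-creation events: (host, ISO timestamp, command line).
EVENTS = [
    ("SRV01", "2022-03-01T10:02:00", r"C:\ProgramData\adfind.exe"),
    ("SRV01", "2022-03-01T10:20:00", r"C:\Users\Public\mimikatz.exe"),
    ("SRV01", "2022-03-01T10:41:00",
     r"C:\ProgramData\AnyDesk.exe --install C:\ProgramData\AnyDesk --silent"),
    ("SRV01", "2022-03-01T11:05:00",
     r"schtasks.exe /create /tn Updater /tr C:\ProgramData\run.bat /sc onstart"),
    # Benign-looking host: two of the behaviours, but days apart.
    ("WS07", "2022-03-01T08:00:00",
     r"schtasks.exe /create /tn Backup /tr C:\Tools\backup.cmd /sc daily"),
    ("WS07", "2022-03-03T15:30:00", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
]

def classify(cmdline):
    """Return the set of rule names whose pattern matches the command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def correlate(events, window=timedelta(hours=24), min_steps=3):
    """Flag hosts showing at least min_steps distinct behaviours inside one window."""
    hits = {}
    for host, ts, cmd in events:
        for step in classify(cmd):
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), step))
    flagged = {}
    for host, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            steps = {s for t, s in seen if start <= t <= start + window}
            if len(steps) >= min_steps:
                flagged[host] = sorted(steps)
                break
    return flagged

if __name__ == "__main__":
    for host, steps in correlate(EVENTS).items():
        print(host, steps)
```
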