A disgruntled Conti affiliate has leaked the gang’s training material when conducting attacks, including information about one of the ransomware’s operators. The affiliate said they posted the material as he was only paid $1,500 as part of an attack, while the rest of the team are making millions and promising big payouts after a victim pays a ransom. This information includes the IP addresses for Cobalt Strike C2 servers and a 113 MB archive containing numerous tools and training material for conducting ransomware attacks. Advanced Intel’s Vitali Kremez, who analyzed the archive, said the training material matches active Conti cases.
Source: https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook/