Cyber Resilience

Campaign · all campaigns

C0015C0015 unknown

aka C0015

Last updated: 2026-07-03

0attributed CVEs
46ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[C0015](https://attack.mitre.org/campaigns/C0015) was a ransomware intrusion during which the unidentified attackers used [Bazar](https://attack.mitre.org/software/S0534), [Cobalt Strike](https://attack.mitre.org/software/S0154), and [Conti](https://attack.mitre.org/software/S0575), along with other tools, over a 5 day period. Security researchers assessed the actors likely used the widely-circulated [Conti](https://attack.mitre.org/software/S0575) ransomware playbook based on the observed pattern of activity and operator errors.(Citation: DFIR Conti Bazar Nov 2021)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-428 / 4661%
CM-623 / 4650%
CM-222 / 4648%
SI-322 / 4648%
CM-718 / 4639%
AC-317 / 4637%
CA-716 / 4635%
SI-716 / 4635%
AC-615 / 4633%
SC-715 / 4633%
SI-1014 / 4630%
AC-213 / 4628%
AC-413 / 4628%
SI-210 / 4622%
RA-59 / 4620%

Co-occurring actors

None.

Similar actors

Similar TTPs