| Alias Description | Votes |
|---|---|
| Blacksuit is a possible alias for Royal Ransomware. BlackSuit is a new strain of malware, specifically ransomware, that has been causing significant damage to computer systems. It is believed to be a rebranding of the Royal ransomware gang, as indicated by similarities in code between the two. This suspicion was confirmed by warnings from both the Cy | 10 |
| Blacksuit Ransomware is a possible alias for Royal Ransomware. The BlackSuit ransomware, a malicious software variant designed to encrypt and ransom victims' files, emerged in May 2023 as a direct evolution of the Royal ransomware. The group behind this threat, known as Ignoble Scorpius, was identified by Unit 42 Threat Intelligence, which also observed an incr | 3 |
| Hive is a possible alias for Royal Ransomware. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Conti Malware is associated with Royal Ransomware. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | is related to | 7 |
| The Batloader Malware is associated with Royal Ransomware. Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal | is related to | 5 |
| The Lockbit Malware is associated with Royal Ransomware. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit | Unspecified | 5 |
| The Blackbasta Malware is associated with Royal Ransomware. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation | Unspecified | 4 |
| The QakBot Malware is associated with Royal Ransomware. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d | Unspecified | 3 |
| The IcedID Malware is associated with Royal Ransomware. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d | Unspecified | 2 |
| The Vidar Malware is associated with Royal Ransomware. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw | Unspecified | 2 |
| The Clop Malware is associated with Royal Ransomware. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin | Unspecified | 2 |
| The Ghost Clown Malware is associated with Royal Ransomware. Ghost Clown is a malware entity that has been implicated in the deployment of malicious software, specifically ransomware strains like BlackBasta and Conti. This previously undetected ransomware group, along with another affiliate named Space Kook, were identified by anti-ransomware company Halcyon. | Unspecified | 2 |
| The TrickBot Malware is associated with Royal Ransomware. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 2 |
| The Netsupport Manager Malware is associated with Royal Ransomware. NetSupport Manager is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. The malware has been detected by InsightIDR Attacker Behavio | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Alphv Threat Actor is associated with Royal Ransomware. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB | Unspecified | 3 |
| The Conti Team Threat Actor is associated with Royal Ransomware. The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack | is related to | 2 |
| The Medusa Threat Actor is associated with Royal Ransomware. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou | Unspecified | 2 |
| The Space Kook Threat Actor is associated with Royal Ransomware. Space Kook is a threat actor, or malicious entity, identified in the cybersecurity industry for its involvement in ransomware operations. Named after a villain from Scooby Doo, Space Kook was first linked to malicious activities by Halcyon's analysis, which showed connections to an initial access br | Unspecified | 2 |
| The Zeon Threat Actor is associated with Royal Ransomware. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B | Unspecified | 2 |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Unit42 | 2 days ago | ||
| BankInfoSecurity | 3 months ago | ||
| Securityaffairs | 3 months ago | ||
| Securityaffairs | 3 months ago | ||
| CISA | 4 months ago | ||
| InfoSecurity-magazine | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| BankInfoSecurity | 5 months ago | ||
| Checkpoint | 5 months ago | ||
| DARKReading | 6 months ago | ||
| DARKReading | 6 months ago | ||
| BankInfoSecurity | 7 months ago | ||
| Checkpoint | 7 months ago | ||
| CERT-EU | 2 years ago | ||
| CERT-EU | 9 months ago | ||
| CERT-EU | 9 months ago | ||
| Unit42 | 10 months ago | ||
| DARKReading | 10 months ago | ||
| CERT-EU | 10 months ago | ||
| CERT-EU | 10 months ago |