Alias Description | Votes |
---|---|
Blacksuit is a possible alias for Royal Ransomware. BlackSuit is a new strain of malware, specifically ransomware, that has been causing significant damage to computer systems. It is believed to be a rebranding of the Royal ransomware gang, as indicated by similarities in code between the two. This suspicion was confirmed by warnings from both the Cy | 10 |
Blacksuit Ransomware is a possible alias for Royal Ransomware. The BlackSuit ransomware, a malicious software variant designed to encrypt and ransom victims' files, emerged in May 2023 as a direct evolution of the Royal ransomware. The group behind this threat, known as Ignoble Scorpius, was identified by Unit 42 Threat Intelligence, which also observed an incr | 3 |
Hive is a possible alias for Royal Ransomware. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | 2 |

Malware Description | Association Type | Votes |
---|---|---|
The Conti Malware is associated with Royal Ransomware. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal persona | is related to | 7 |
The Batloader Malware is associated with Royal Ransomware. Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal | is related to | 5 |
The Lockbit Malware is associated with Royal Ransomware. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or | Unspecified | 5 |
The Blackbasta Malware is associated with Royal Ransomware. BlackBasta is a notorious malware group that has emerged as a significant player in the ransomware space. The group has demonstrated an ability to adapt and evolve their tactics, making them a leading entity in the Russian-language ransomware domain. Initially, BlackBasta was observed using a botnet | Unspecified | 4 |
The QakBot Malware is associated with Royal Ransomware. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope | Unspecified | 3 |
The IcedID Malware is associated with Royal Ransomware. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d | Unspecified | 2 |
The Vidar Malware is associated with Royal Ransomware. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw | Unspecified | 2 |
The Clop Malware is associated with Royal Ransomware. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin | Unspecified | 2 |
The Ghost Clown Malware is associated with Royal Ransomware. Ghost Clown is a malware entity that has been implicated in the deployment of malicious software, specifically ransomware strains like BlackBasta and Conti. This previously undetected ransomware group, along with another affiliate named Space Kook, were identified by anti-ransomware company Halcyon. | Unspecified | 2 |
The TrickBot Malware is associated with Royal Ransomware. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 2 |
The Netsupport Manager Malware is associated with Royal Ransomware. NetSupport Manager is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. The malware has been detected by InsightIDR Attacker Behavio | Unspecified | 2 |

Threat Actor Description | Association Type | Votes |
---|---|---|
The Alphv Threat Actor is associated with Royal Ransomware. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p | Unspecified | 3 |
The Conti Team Threat Actor is associated with Royal Ransomware. The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack | is related to | 2 |
The Medusa Threat Actor is associated with Royal Ransomware. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou | Unspecified | 2 |
The Space Kook Threat Actor is associated with Royal Ransomware. Space Kook is a threat actor, or malicious entity, identified in the cybersecurity industry for its involvement in ransomware operations. Named after a villain from Scooby Doo, Space Kook was first linked to malicious activities by Halcyon's analysis, which showed connections to an initial access br | Unspecified | 2 |
The Zeon Threat Actor is associated with Royal Ransomware. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B | Unspecified | 2 |