Statements (55)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cybercrime
|
| gptkbp:affiliation |
suspected former members of Conti ransomware group
|
| gptkbp:alsoKnownAs |
gptkb:Royal_ransomware_group
|
| gptkbp:area |
gptkb:Australia
gptkb:Canada gptkb:Europe gptkb:United_States |
| https://www.w3.org/2000/01/rdf-schema#label |
Royal APT
|
| gptkbp:language |
English
|
| gptkbp:listedOn |
gptkb:CISA
gptkb:FBI gptkb:HHS |
| gptkbp:mainActivity |
ransomware attacks
|
| gptkbp:motive |
financial gain
|
| gptkbp:notableBattle |
attack on Dallas city government in 2023
attack on US healthcare organizations in 2022 |
| gptkbp:notableFeature |
custom ransom notes
negotiation with victims direct operations by core group frequent rebranding no ransomware-as-a-service model |
| gptkbp:operatesSince |
2022
|
| gptkbp:origin |
unknown
|
| gptkbp:ransomDemanded |
cryptocurrency payments
|
| gptkbp:target |
private companies
healthcare sector government organizations critical infrastructure |
| gptkbp:technique |
phishing
data exfiltration living off the land lateral movement privilege escalation network reconnaissance double extortion encryption of files threatening to leak data disabling security software remote desktop protocol exploitation use of legitimate tools for malicious purposes |
| gptkbp:threats |
high
|
| gptkbp:usesMalware |
gptkb:Gozi
gptkb:Cobalt_Strike gptkb:Vidar gptkb:Chisel gptkb:ZLoader BATLOADER PSExec Qakbot Remote Monitoring and Management (RMM) tools Royal ransomware custom ransomware payloads |
| gptkbp:website |
dark web leak site
|
| gptkbp:bfsParent |
gptkb:Operation_Ke3chang
|
| gptkbp:bfsLayer |
7
|