Royal APT

GPTKB entity

Statements (55)
Predicate Object
gptkbp:instanceOf cybercrime group (financially motivated ransomware operation, not a state-sponsored APT despite the label)
gptkbp:affiliation suspected former members of Conti ransomware group
gptkbp:alsoKnownAs gptkb:Royal_ransomware_group
gptkbp:area gptkb:Australia
gptkb:Canada
gptkb:Europe
gptkb:United_States
https://www.w3.org/2000/01/rdf-schema#label Royal APT
gptkbp:language English
gptkbp:listedOn gptkb:CISA
gptkb:FBI
gptkb:HHS
gptkbp:mainActivity ransomware attacks
gptkbp:motive financial gain
gptkbp:notableBattle ransomware attack on the City of Dallas, Texas, municipal government (May 2023)
attacks on US healthcare organizations in 2022 (subject of an HHS advisory)
gptkbp:notableFeature custom ransom notes
negotiation with victims
direct operations by core group
rebranding (the operation was later reported to continue under the BlackSuit name)
no ransomware-as-a-service model
gptkbp:operatesSince 2022 (the Royal branding has been observed since approximately September 2022)
gptkbp:origin unknown
gptkbp:ransomDemanded cryptocurrency payments
gptkbp:target private companies
healthcare sector
government organizations
critical infrastructure
gptkbp:technique phishing
data exfiltration
living off the land
lateral movement
privilege escalation
network reconnaissance
double extortion
partial (intermittent) file encryption, with the percentage of each file to encrypt configurable by the operator
threatening to leak data
disabling security software
Remote Desktop Protocol (RDP) access with compromised credentials for initial access
use of legitimate tools for malicious purposes
gptkbp:threats high (subject of a joint CISA/FBI #StopRansomware advisory, March 2023)
gptkbp:usesMalware gptkb:Gozi
gptkb:Cobalt_Strike
gptkb:Vidar
gptkb:Chisel
gptkb:ZLoader
BATLOADER
PsExec
Qakbot
Remote Monitoring and Management (RMM) tools
Royal ransomware
custom ransomware payloads
gptkbp:website dark web leak site
gptkbp:bfsParent gptkb:Operation_Ke3chang
gptkbp:bfsLayer 7
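The techniques and tooling listed above (PsExec for lateral movement, RDP with compromised credentials, RMM tools, Chisel tunnels, disabling security software) translate directly into hunting logic. The following Python script is an added example written for this page; it is not code from the page, from CISA or from the Royal actors. The log lines are constructed, and the corporate address ranges, the RMM binary names and the exact `net stop` command shape are assumptions.

```python
"""Hunt for the Royal-style TTPs listed on the page over simplified
Windows event lines. Added example; events below are constructed, not
telemetry from any real incident."""
import re
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed sample events: key=value rendering of Windows Security/System
# log fields (7045 service install, 4624 logon, 4688 process creation).
SAMPLE_EVENTS = [
    "EventID=7045 Host=FS01 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe",
    "EventID=4624 Host=FS01 LogonType=10 User=svc_backup SrcIp=203.0.113.7",
    "EventID=4624 Host=FS01 LogonType=10 User=alice SrcIp=10.0.5.21",
    "EventID=4688 Host=WS14 User=bob CommandLine=C:\\Users\\bob\\Downloads\\AnyDesk.exe --service",
    "EventID=4688 Host=WS14 User=bob CommandLine=C:\\Temp\\chisel.exe client 198.51.100.4:443 R:socks",
    "EventID=4688 Host=WS14 User=bob CommandLine=C:\\Windows\\System32\\net.exe stop WinDefend",
    "EventID=4688 Host=WS14 User=bob CommandLine=C:\\Windows\\System32\\notepad.exe",
]

# Assumed corporate address space; RDP (logon type 10) from anywhere else is suspect.
# Note: ipaddress.is_private() would wrongly treat the 203.0.113.0/24 documentation
# range as private, so the allow-list is explicit.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed RMM binary names to flag when launched outside Program Files.
RMM_BINARIES = {"anydesk.exe", "atera.exe", "logmein.exe"}

# key=value pairs; a value runs until the next " key=" so CommandLine keeps its spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one event line into a field dictionary."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def is_internal(ip: str) -> bool:
    """True if the address falls inside the assumed corporate ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def binary_name(cmdline: str) -> str:
    """Lower-cased file name of the executable in a command line."""
    return cmdline.split()[0].rsplit("\\", 1)[-1].lower()


def match_rules(ev: Dict[str, str]) -> List[str]:
    """Return a description for every page-listed technique the event matches."""
    hits: List[str] = []
    eid = ev.get("EventID")
    if eid == "7045" and ev.get("ServiceName", "").upper() == "PSEXESVC":
        hits.append("lateral movement: PsExec service installed")
    src = ev.get("SrcIp")
    if eid == "4624" and ev.get("LogonType") == "10" and src and not is_internal(src):
        hits.append("RDP logon from outside internal ranges")
    if eid == "4688":
        cmd = ev.get("CommandLine", "")
        name = binary_name(cmd) if cmd else ""
        if name in RMM_BINARIES and not cmd.lower().startswith("c:\\program files"):
            hits.append("RMM tool launched outside Program Files")
        if name == "chisel.exe" and " client " in cmd:
            hits.append("Chisel tunnel client started")
        if name == "net.exe" and re.search(r"\bstop\s+windefend\b", cmd, re.I):
            hits.append("security software stopped via net stop")
    return hits


def hunt(lines) -> List[Tuple[str, str, str]]:
    """Run all rules over the lines; returns (host, user, description) tuples."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        for desc in match_rules(ev):
            findings.append((ev.get("Host", "?"), ev.get("User", "-"), desc))
    return findings


if __name__ == "__main__":
    for host, user, desc in hunt(SAMPLE_EVENTS):
        print(f"{host:5} {user:12} {desc}")
```

Run against the constructed events, the script flags five of the seven lines and leaves the internal RDP logon and the notepad launch alone. Any single rule is noisy on its own (PsExec and RMM tools are legitimate administration tools); the value is in the combination on one host within a short window, which is what the page's "living off the land" and "use of legitimate tools for malicious purposes" entries imply.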