Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
Tags
country: Brazil
maec-delivery-vectors: Watering Hole
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Remote Access Tools - T1219 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID dc5f2adf-1270-42a2-9e37-9915a2486be5
Fingerprint a430a958845396df
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 21, 2022, midnight
Added to db Dec. 21, 2022, 4:45 p.m.
Last updated Dec. 26, 2024, 12:14 a.m.
Headline Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
Title Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
Detected Hints/Tags/Attributes 63/3/28
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
Details Source https://www.trendmicro.com/en_au/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
Details Source https://www.trendmicro.com/en_id/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
Details Source https://www.trendmicro.com/en_gb/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
Details Source https://www.trendmicro.com/en_ca/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
Details Source https://www.trendmicro.com/en_nz/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
trojan.win64.cobalt.be
Details Domain 1 
trojan.win32.deyma.am
Details Domain 3 
pua.win64.prochack.ac
Details Domain 1 
hacktool.win32.netscan.ag
Details Domain 5 
hacktool.win32.toolpow.sm
Details File 4 
c:\\windows\\system32\\vssadmin.exe
Details File 407 
readme.txt
Details File 8 
hacktool.bat
Details sha256 1 
c0063d24f3de4e7b89abf9b690a3d264efc6ab7a626f73ad9f42d6bffe52bce7
Details sha256 1 
fef79160f0ce9aa9dec15c914f2c2b40b2ae1ec2b0e65e414545dbc994afd73d
Details sha256 1 
3434271f2038afaddad4caad8000e390b3573b2b53e02841653a4ee0dfd73674
Details sha256 1 
0ac0b3758359855e96367b6c83b0aabdc6cfb59b4caa1cec48632defd21cdf3c
Details sha256 1 
451cef0085dc5b474cc5c68af079d0367d7d2ec73ae2210788beb5297e1fbd6d
Details sha256 1 
e710e902507ad63e1d2ce1220212b1a751b70504259457234103bb22845a9424
Details sha256 1 
2718dcbb503b6334078daf4af61e17a547fb80c9b811c26cfc9d32f5ce63a826
Details sha256 1 
abf937fb2f162d1dbbe76c7386c9892db5191e17de586f0a5c49819cd68b5e0f
Details sha256 4 
bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4
Details sha256 4 
572d88c419c6ae75aeb784ceab327d040cb589903d6285bbffa77338111af14b
Details sha256 10 
094d1476331d6f693f1d546b53f1c1a42863e6cde014e2ed655f3cbe63e5ecde
Details sha256 14 
e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173
Details sha256 4 
d1aa0ceb01cca76a88f9ee0c5817d24e7a15ad40768430373ae3009a619e2691
Details sha256 1 
bb48f5c915ab7bbbbbf092a20169aaf3ced46b492ed69550854a55254ce10572
Details sha256 1 
e263b9d5467bf724000966da2acfe06520a464c566e4b3d9833213f850f3f1f2
Details sha256 3 
ac49c114ef137cc198786ad8daefa9cfcc01f0c0a827b0e2b927a7edd0fca8b0
Details sha256 3 
2598e8adb87976abe48f0eba4bbb9a7cb69439e0c133b21aee3845dfccf3fb8f
Details sha256 1 
cdd7814074872fc35d18740cdd4e8a5fefcfd6b457fde2920383fd5b11903fc5
Details sha256 1 
a61b71ee73ea8c0f332591e361adeda04705c65b5f4d549066677ec4e71212f7
Details sha256 1 
56e8bd8b0c5bfb87956f7915bc47a9ecf5d338b804cee1dccacf53400d602be3