Introduction
This Group object reflects the tools and TTPs associated with threat actors known to deploy Quantum ransomware (also known as Quantum Locker, which derives from the MountLocker, AstroLocker, and XingLocker ransomware families). The Quantum group is known to publicly extort its victims. [Cybereason Quantum Ransomware May 9 2022] Researchers indicate the group is a rebranding of the “Conti Team Two” that formed after the fragmenting of the Ryuk/Conti ransom group in early 2022. [AdvIntel Bazar Call August 10 2022]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- CyberGate
- Cyber Eye RAT
- Archelaus Beta
Attribution and Evidence
Information pending cataloguing.
References
[1] Cybereason Quantum Ransomware May 9 2022
[2] AdvIntel Bazar Call August 10 2022