The Royal ransomware group is enhancing its downloader malware by adopting tactics and techniques that seem to be directly influenced by other post-Conti groups. The malware loader appears to be at its nascent stage and has a single purpose of deploying Cobalt Strike. Organizations are urged to timely report TTPs of the threat so that other organizations can fend it off.