Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours [Wednesday, January 31, 2024]

Description:
This report details an intrusion that began when a threat actor exploited an exposed RDP host and ended, roughly three hours later on Christmas Eve, with data exfiltration and the deployment of Trigona ransomware. The threat actor relied on batch scripts, SoftPerfect Netscan, and RDP for discovery, lateral movement, and execution. Data was exfiltrated with Rclone to Mega.io before Trigona was executed across the network, encrypting systems and leaving ransom notes.

Published: 2024-01-31 11:54:46
Created: 2024-01-31 11:54:46
Modified: 2024-01-31 13:06:08

Indicators

IPv4s:
  • (none listed)
Malwares:
  • Trigona
Hashes (SHA-256, 64 hex characters each):
  • 54586ffce0dcb658de916cc46539b5a1e564aaa72be2620fc4f9133ca54aba64
  • 277550c9d5771a13b65e90f5655150e365516215a714ffd3f075b5b426e2ddc1
  • d743daa22fdf4313a10da027b034c603eda255be037cb45b28faea23114d3b8a
  • 35ff76d763714812486a2f6ad656d124f3fcdfc4d16d49df6221325c8ae8827a
  • 12f838b54c6dac78f348828fe34f04ac355fa8cc24f8d7c7171d310767463c6c
  • 40fe2564e34168bf5470bbe0247bc614117334753a107b2baeb113154b4de6a7
  • 8cf27e05e639fcc273d3cceadf68e69573b58e74b4bfce8460a418366a782fbd
  • 0596b08f0f4c6526b568fc7c9d55abd95230a48feb07b67482392d31c40f3aea
  • 56b08aa03bd8c0ea094cfeb03d5954ffd857bac42df929dc835eea62f32b09e0
  • 6afb934834b97221dee10cbf97741c5fe058730460bfdbcf1da206758a296178
  • 8b5fdb358b26c09a01c56de4de69841c67051f64ac8afcdd56dfddee06fdaa7b
  • 7f7e61246445872aec37808a2c20f5f055fb5fba8bd3f5af5194762114700180
  • d6d8302d8db7f17aaa45059b60eb8de33166c95d1d833ca4d5061201e4737009
  • 8834c84cfd7e086f74a2ffa5b14ced2c039d78feda4bad610aba1c6bb4a6ce7f
  • 18f0898d595ec054d13b02915fb7d3636f65b8e53c0c66b3c7ee3b6fc37d3566
Intrusion set:
  • Trigona
MITRE ATT&CK Techniques:
  • (none listed)
Other observables:
  • Technology
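The hash list above is only useful once it is swept against real hosts. The script below is an added example, not code from Securitricks or from the report it summarizes: it parses a plain-text indicator list in the bullet format used on this page, embeds the fifteen SHA-256 values listed above as a frozen set, hashes every file under a directory in chunks (so large files do not have to fit in memory), and reports matches. The demo at the end runs entirely offline on a constructed temporary directory: it contains no Trigona sample, so it adds the hash of a constructed marker file to the IOC set purely to exercise the match path.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 indicators copied from the Hashes section of this page.
TRIGONA_SHA256 = frozenset({
    "54586ffce0dcb658de916cc46539b5a1e564aaa72be2620fc4f9133ca54aba64",
    "277550c9d5771a13b65e90f5655150e365516215a714ffd3f075b5b426e2ddc1",
    "d743daa22fdf4313a10da027b034c603eda255be037cb45b28faea23114d3b8a",
    "35ff76d763714812486a2f6ad656d124f3fcdfc4d16d49df6221325c8ae8827a",
    "12f838b54c6dac78f348828fe34f04ac355fa8cc24f8d7c7171d310767463c6c",
    "40fe2564e34168bf5470bbe0247bc614117334753a107b2baeb113154b4de6a7",
    "8cf27e05e639fcc273d3cceadf68e69573b58e74b4bfce8460a418366a782fbd",
    "0596b08f0f4c6526b568fc7c9d55abd95230a48feb07b67482392d31c40f3aea",
    "56b08aa03bd8c0ea094cfeb03d5954ffd857bac42df929dc835eea62f32b09e0",
    "6afb934834b97221dee10cbf97741c5fe058730460bfdbcf1da206758a296178",
    "8b5fdb358b26c09a01c56de4de69841c67051f64ac8afcdd56dfddee06fdaa7b",
    "7f7e61246445872aec37808a2c20f5f055fb5fba8bd3f5af5194762114700180",
    "d6d8302d8db7f17aaa45059b60eb8de33166c95d1d833ca4d5061201e4737009",
    "8834c84cfd7e086f74a2ffa5b14ced2c039d78feda4bad610aba1c6bb4a6ce7f",
    "18f0898d595ec054d13b02915fb7d3636f65b8e53c0c66b3c7ee3b6fc37d3566",
})

HEX_DIGITS = set("0123456789abcdef")


def parse_ioc_file(text):
    """Extract SHA-256 values from a plain-text list.

    Accepts one indicator per line, tolerates the bullet prefix used on this
    page, ignores blank lines and '#' comments, and drops anything that is not
    exactly 64 hex characters (IPs, names, truncated hashes).
    """
    iocs = set()
    for raw in text.splitlines():
        line = raw.strip().lstrip("•-* ").strip().lower()
        if not line or line.startswith("#"):
            continue
        if len(line) == 64 and set(line) <= HEX_DIGITS:
            iocs.add(line)
    return iocs


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so multi-GB files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, iocs):
    """Walk `root` and return (path, sha256) for every file whose hash is in `iocs`.

    Unreadable files (permission denied, vanished mid-walk) are skipped rather
    than aborting the sweep, which matters on a live host during an incident.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if digest in iocs:
                hits.append((path, digest))
    return hits


def demo():
    """Constructed, offline demonstration; returns the relative paths that matched."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "readme.txt"
        benign.write_bytes(b"hello")                      # should not match
        marker = Path(tmp) / "sub" / "marker.bin"
        marker.parent.mkdir()
        marker.write_bytes(b"constructed test payload")   # stands in for a sample
        # Assumption for the demo only: the marker's hash is appended to the
        # page's IOC set so the match path is exercised without real malware.
        iocs = set(TRIGONA_SHA256) | {sha256_file(marker)}
        hits = sweep(tmp, iocs)
        return sorted(Path(p).relative_to(tmp).as_posix() for p, _ in hits)


if __name__ == "__main__":
    for rel in demo():
        print("MATCH", rel)
```

In production the IOC set would come from `parse_ioc_file()` over the downloadable indicator file rather than from the embedded constant, and the sweep would be pointed at user-writable and temp locations first, since those are where a dropped ransomware binary usually lands; a hash sweep only catches byte-identical files, so it complements, rather than replaces, behavioural detection of the Rclone and Netscan activity described above.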

About the author
Julien B.
