win.trigona

Trigona


According to PCrisk, Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. Also, it drops the "how_to_decrypt.hta" file that opens a ransom note. An example of how Trigona renames files: it renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth.

It embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

References
2023-06-23, Trendmicro, Arianne Dela Cruz, Paul Pajares, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Nathaniel Morales
An Overview of the Different Versions of the Trigona Ransomware
https://www.trendmicro.com/en_us/research/23/f/an-overview-of-the-trigona-ransomware.html
Families: Trigona

2023-04-17, AhnLab, ASEC
Trigona Ransomware Attacking MS-SQL Servers
https://asec.ahnlab.com/en/51343/
Families: Trigona

2023-03-16, Palo Alto Networks Unit 42, Frank Lee, Scott Roland
Bee-Ware of Trigona, An Emerging Ransomware Strain
https://unit42.paloaltonetworks.com/trigona-ransomware-update/
Families: Cryakl, MimiKatz, Trigona

2023-02-02, Fortinet, Shunichi Imano
Ransomware Roundup – Trigona Ransomware
https://www.fortinet.com/blog/threat-research/ransomware-roundup-trigona-ransomware
Families: Trigona

There is no Yara-Signature yet.