Trigona Ransomware Group

Actor Type	Criminal Group
Directly Linked Intrusion Sets	CryLock Ransomware Group , Cryakl Ransomware Group

The Trigona Ransomware group reportedly began operations in 2022 and target both Windows and Linux systems.

Some researchers indicate that there is some overlap in tactics, techniques and procedures (TTPs) with the CryLock ransomware operators.

Cyber Threat Graph Context

Explore how this Intrusion Set relates to the wider threat graph

Trigona Ransomware Group Threat Reports

Report

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

This report by the DFIR Report outlines a Trigona Ransomware attack. It describes how the actors went from initial access (by exposed RDP) to data ...

View Source

References

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.

Search:

ATT&CK ID	Title	Associated Tactics
T1547.001	Registry Run Keys / Startup Folder	Persistence, Privilege Escalation
T1105	Ingress Tool Transfer	Command and Control
T1570	Lateral Tool Transfer	Lateral Movement
T1112	Modify Registry	Defense Evasion
T1567.002	Exfiltration to Cloud Storage	Exfiltration
T1562.001	Disable or Modify Tools	Defense Evasion
T1083	File and Directory Discovery	Discovery
T1135	Network Share Discovery	Discovery
T1033	System Owner/User Discovery	Discovery
T1069.002	Domain Groups	Discovery
T1018	Remote System Discovery	Discovery
T1486	Data Encrypted for Impact	Impact
T1021.001	Remote Desktop Protocol	Lateral Movement
T1059.001	PowerShell	Execution
T1059.003	Windows Command Shell	Execution
T1133	External Remote Services	Initial Access, Persistence
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation

Showing 1 to 17 of 17 entries

Trigona Ransomware Group

Cyber Threat Graph Context

Trigona Ransomware Group Threat Reports

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours

References

unit42.paloaltonetworks.com

thedfirreport.com

www.trendmicro.com

MITRE ATT&CK Techniques