Bee-Ware of Trigona, An Emerging Ransomware Strain
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter; Obfuscated Files Or Information
country: Germany, France, Italy, Japan, Russia, United States Of America
attack-pattern:
  Data
  Accessibility Features - T1546.008
  Bypass User Account Control - T1548.002
  Clear Windows Event Logs - T1070.001
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Credentials From Password Stores - T1555
  Data Encrypted For Impact - T1471
  Data Encrypted For Impact - T1486
  Disable Or Modify System Firewall - T1562.004
  Disable Or Modify Tools - T1562.001
  Disable Or Modify Tools - T1629.003
  Disable Windows Event Logging - T1562.002
  Dns - T1071.004
  Dns - T1590.002
  Domains - T1583.001
  Domains - T1584.001
  Email Addresses - T1589.002
  File Deletion - T1070.004
  File Deletion - T1630.002
  Ingress Tool Transfer - T1544
  Inhibit System Recovery - T1490
  Ip Addresses - T1590.005
  Javascript - T1059.007
  Lateral Tool Transfer - T1570
  Local Account - T1087.001
  Local Account - T1136.001
  Local Groups - T1069.001
  System Network Configuration Discovery - T1422
  Lsass Memory - T1003.001
  Malware - T1587.001
  Malware - T1588.001
  Masquerade Task Or Service - T1036.004
  Match Legitimate Name Or Location - T1036.005
  Match Legitimate Name Or Location - T1655.001
  Obfuscated Files Or Information - T1406
  System Information Discovery - T1426
  Registry Run Keys / Startup Folder - T1547.001
  Remote Access Software - T1663
  Remote Desktop Protocol - T1021.001
  Server - T1583.004
  Server - T1584.004
  Service Stop - T1489
  Software - T1592.002
  Ssh - T1021.004
  Web Services - T1583.006
  Web Services - T1584.006
  Tool - T1588.002
  Accessibility Features - T1015
  Account Manipulation - T1098
  Bypass User Account Control - T1088
  Command-Line Interface - T1059
  Connection Proxy - T1090
  Create Account - T1136
  Credential Dumping - T1003
  Deobfuscate/Decode Files Or Information - T1140
  File Deletion - T1107
  Indicator Removal On Host - T1070
  Remote File Copy - T1105
  Modify Registry - T1112
  Network Service Scanning - T1046
  Obfuscated Files Or Information - T1027
  Permission Groups Discovery - T1069
  Registry Run Keys / Start Folder - T1060
  Remote Access Tools - T1219
  Remote Desktop Protocol - T1076
  Third-Party Software - T1072
  System Information Discovery - T1082
  System Network Configuration Discovery - T1016
  Service Stop
Common Information
Type Value
UUID 959f47f1-3ed9-4228-80cd-e817793fa7e1
Fingerprint 84b1615b615dae06
Analysis status DONE
Considered CTI value 2
Text language
Published March 16, 2023, 1 p.m.
Added to db March 18, 2023, 8:55 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Bee-Ware of Trigona, An Emerging Ransomware Strain
Title Bee-Ware of Trigona, An Emerging Ransomware Strain
Detected Hints/Tags/Attributes 206/3/78
RSS Feed
Id | Feed title | Url | Added to db
99 | Cyware News - Latest Cyber News | https://cyware.com/allnews/feed | 2024-08-30 22:08
256 | Unit 42 | https://unit42.paloaltonetworks.com/feed/ | 2024-08-30 22:08
Attributes
Type: Value (#Events)
Domain: onionmail.org (85)
Domain: tutanota.com (167)
Domain: mailthink.net (1)
Domain: 3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion (2)
Email: phandaledr@onionmail.org (1)
Email: farusbig@tutanota.com (4)
Email: auction@mailthink.net (1)
File: svhost.exe (41)
File: start.bat (32)
File: turnoff.bat (6)
File: newuser.bat (5)
File: dc2.exe (1)
File: dc4.exe (4)
File: cmd.exe (2126)
File: helppane.exe (11)
File: utilman.exe (30)
File: magnify.exe (9)
File: sethc.exe (33)
File: dc6.exe (1)
File: mim.exe (3)
File: mim32.exe (1)
File: zam.exe (3)
File: zam.bat (1)
File: svchost.exe (1122)
File: netscan.exe (40)
File: netscan.xml (5)
IPv4: 45.227.253.99 (1)
IPv4: 45.227.253.106 (1)
IPv4: 45.227.253.98 (1)
IPv4: 45.227.253.107 (1)
MITRE ATT&CK Technique: T1072 (50)
MITRE ATT&CK Technique: T1546.008 (14)
MITRE ATT&CK Technique: T1136 (86)
MITRE ATT&CK Technique: T1098 (112)
MITRE ATT&CK Technique: T1027 (627)
MITRE ATT&CK Technique: T1112 (550)
MITRE ATT&CK Technique: T1562.004 (70)
MITRE ATT&CK Technique: T1070.001 (92)
MITRE ATT&CK Technique: T1070.004 (297)
MITRE ATT&CK Technique: T1036.004 (57)
MITRE ATT&CK Technique: T1555 (172)
MITRE ATT&CK Technique: T1003.001 (173)
MITRE ATT&CK Technique: T1046 (168)
MITRE ATT&CK Technique: T1069 (65)
MITRE ATT&CK Technique: T1021.001 (160)
MITRE ATT&CK Technique: T1570 (118)
MITRE ATT&CK Technique: T1105 (492)
MITRE ATT&CK Technique: T1219 (141)
MITRE ATT&CK Technique: T1486 (472)
MITRE ATT&CK Technique: T1489 (197)
MITRE ATT&CK Technique: T1490 (276)
MITRE ATT&CK Technique: T1059 (695)
MITRE ATT&CK Technique: T1136.001 (51)
MITRE ATT&CK Technique: T1562.001 (298)
MITRE ATT&CK Technique: T1140 (504)
MITRE ATT&CK Technique: T1036.005 (183)
MITRE ATT&CK Technique: T1562.002 (20)
MITRE ATT&CK Technique: T1003 (289)
MITRE ATT&CK Technique: T1016 (245)
MITRE ATT&CK Technique: T1082 (1006)
MITRE ATT&CK Technique: T1547.001 (380)
MITRE ATT&CK Technique: T1548.002 (86)