In The Shadow Of Venus: Trinity Ransomware's Covert Ties  - Cyble
Tags
attack-pattern: Data Control Panel - T1218.002 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Defacement - T1491 File And Directory Discovery - T1420 Impersonation - T1656 Inhibit System Recovery - T1490 Internal Defacement - T1491.001 Lateral Tool Transfer - T1570 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Access Token Manipulation - T1134 Deobfuscate/Decode Files Or Information - T1140 File And Directory Discovery - T1083 User Execution - T1204 User Execution
Show in Graph
Common Information
Type Value
UUID e2ae88c2-3c4f-4b64-a677-c472acbd6787
Fingerprint a63761f1a4beba9d
Analysis status DONE
Considered CTI value 2
Text language
Published May 10, 2024, 8:38 a.m.
Added to db Oct. 1, 2024, 3:40 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline In the Shadow of Venus: Trinity Ransomware’s Covert Ties
Title In The Shadow Of Venus: Trinity Ransomware's Covert Ties  - Cyble
Detected Hints/Tags/Attributes 71/1/24
Source URLs
Redirection Url
Details Redirection https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties
Details Source https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties/
URL Provider
Details Provider Source level domain
Details cyble.com cyble.com
Attributes
Details Type #Events CTI Value
Details Domain 85 
onionmail.org
Details Domain 41 
www.hhs.gov
Details Domain 9 
www.broadcom.com
Details Email 1 
wehaveyourdata@onionmail.org
Details File 533 
ntdll.dll
Details File 367 
readme.txt
Details File 1 
48065934119990121.jpg
Details File 2 
venus-ransomware-analyst-note.pdf
Details md5 2 
949c438e4ed541877dce02b38bf593ad
Details sha1 2 
4c58d2d624d9bdf6b14a6f8563788785074947a7
Details sha256 2 
36696ba25bdc8df0612b638430a70e5ff6c5f9e75517ad401727be03b26d8ec4
Details MITRE ATT&CK Techniques 365 
T1204.002
Details MITRE ATT&CK Techniques 116 
T1134
Details MITRE ATT&CK Techniques 504 
T1140
Details MITRE ATT&CK Techniques 585 
T1083
Details MITRE ATT&CK Techniques 118 
T1570
Details MITRE ATT&CK Techniques 472 
T1486
Details MITRE ATT&CK Techniques 30 
T1491.001
Details MITRE ATT&CK Techniques 276 
T1490
Details Url 2 
https://www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf
Details Url 1 
https://www.broadcom.com/support/security-center/protection-bulletin/2023lock-ransomware
Details Windows Registry Key 3 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
Details Windows Registry Key 37 
HKCU\Control
Details Yara rule 1 
rule Trinity {
	meta:
		author = "Cyble Research and Intelligence Labs"
		description = "Detects Trinity Ransomware"
		date = "2024-05-10"
		os = "Windows"
	strings:
		$a1 = "pbsecGOOD" ascii fullword
		$a2 = "secpbGOOD" ascii fullword
		$b1 = "Wallaper" ascii fullword
		$b2 = "wehaveyourdata@onionmail.org" ascii wide nocase fullword
	condition:
		all of them
}