Links submitted by the Threat Radar community and AI curated for defenders.

Community Curated

Check Point Research

CVE Database V5

AlienVault OTX General

Bleeping Computer

SANS ISC Handlers Diary

SecurityWeek

Threatpost

Reddit ExploitDev

Exploit-DB RSS Feed

Reddit ThreatIntel

Reddit BlueTeam

Reddit Reverse Engineering

Reddit Malware

Reddit Cybersecurity

Reddit NetSec

ThreatFox MISP Feed

CIRCL OSINT Feed

NCSC UK

GCP Compute Engine Security

GCP Kubernetes Security

AWS Security Bulletins

CERT/CC

Tenable Research

Google Project Zero

Microsoft Security Blog

Cisco Talos

Zero Day Initiative

Palo Alto Unit 42

Kaspersky Security Blog

Krebs on Security

GCVE Database

Reddit InfoSec News

The Hacker News

Dark Reading

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

JVN Japan

Trigona ransomware affiliates have developed and deployed a custom exfiltration tool named uploader_client. exe, observed in attacks during March 2026. This tool uses parallel data streams, connection rotation, and file filtering to evade detection and streamline data theft. Attackers disable endpoint protections at the kernel level using multiple utilities before exfiltration. Remote access and credential theft are facilitated by AnyDesk and tools like Mimikatz. This represents a more technically sophisticated approach than typical ransomware affiliate operations.

The Trigona ransomware affiliate group has introduced a proprietary exfiltration tool, uploader_client.exe, to replace common off-the-shelf utilities such as Rclone. This command-line tool supports parallel data streams, connection rotation to avoid network monitoring, and granular file filtering, enhancing stealth and efficiency in data theft. Prior to exfiltration, attackers deploy kernel-level security-disabling tools including HRSword, PCHunter, and BYOVD utilities to terminate endpoint protection mechanisms. Remote access is maintained via AnyDesk, while credential harvesting is conducted using Mimikatz and Nirsoft utilities. This custom tooling indicates a higher technical maturity and operational security focus within the Trigona affiliate operations.

Detailed information about Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft. Get real-time updates, technical details, and mitigation

Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft - Live Threat Intelligence - Threat Radar | OffSeq.com

Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft

Threats Tagged 'pchunter'

Stop chasing alerts. Route them.

Check if your credentials are on the dark web

Filter Threats

Threats Tagged 'pchunter'

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility