Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsPricingView Plans & Pricing
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'trigona'

View all threats tagged with 'trigona'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: trigona

Threats Tagged 'trigona'

Click on any threat for detailed analysis and mitigation recommendations

Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft
0

Trigona ransomware affiliates have developed and deployed a custom exfiltration tool named uploader_client. exe, observed in attacks during March 2026. This tool uses parallel data streams, connection rotation, and file filtering to evade detection and streamline data theft. Attackers disable endpoint protections at the kernel level using multiple utilities before exfiltration. Remote access and credential theft are facilitated by AnyDesk and tools like Mimikatz. This represents a more technically sophisticated approach than typical ransomware affiliate operations.

MediumMalware#trigona#ransomware-as-a-service#kernel driver abuse
Join the discussion
Analysis of Trigona Threat Actor's Latest Attack Cases
0

The Trigona threat actor continues to target MS-SQL servers through brute-force and dictionary attacks, exploiting weak credentials. They use CLR Shell for additional payloads and employ various tools like BCP, Curl, Bitsadmin, and PowerShell to install malware. The attackers utilize remote control tools such as AnyDesk, RDP, and possibly Teramind. New scanner malware written in Rust targets RDP and MS-SQL services. The threat actor also uses tools like SpeedTest and a custom StressTester. Various privilege escalation and file manipulation tools are employed. To protect against these attacks, administrators should use complex passwords, regularly update security software, and implement firewalls to control access to database servers.

MediumMalwareGermanyGermanyUnited KingdomUnited KingdomFranceFrance+4#remote-control#ransomware#trigona
Join the discussion

Showing 1 to 2 of 2 results

Filters:Tag: trigona
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses