Ransomware.live - Group : Trinity

Ransomware Group:

Trinity

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Sites

Title	Available	Last Visit	FQDN	Screenshot
rans	🟢	2024-11-21 08:00:42.295649	txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion	📸

Yara Rules

Click here to open yara rules

Activity over time

Worldmap

10 Victims

Barnes & Cohen

Ransomware Group:

Discovery Date: 2024-10-03 19:04

Sector: Not Found

15Gb - Revenue: <$5 Million - Publication date: 2024-11-04

Victim: | Group:

FoccoERP

Ransomware Group:

Discovery Date: 2024-10-02 07:10

Sector: Technology

Data base 300 GB - Revenue: $ 20 Million - Publication date: 2024-11-01

Victim: | Group:

Fabrica Industrial Machinery & Equipment

Ransomware Group:

Discovery Date: 2024-09-23 10:08

Sector: Manufacturing

Data base 20+tb - Revenue: $ 59.2 Million - Publication date: 2024-10-23

Victim: | Group:

INTERNAL.ROCKYMOUNTAINGASTRO.COM

Ransomware Group:

Discovery Date: 2024-09-15 12:09

Sector: Healthcare

330Gb - Revenue: $60.3 Million - Publication date: 2024-10-16

Victim: | Group:

welland

Ransomware Group:

Discovery Date: 2024-09-01 06:10

Sector: Construction

full data base - Revenue: <$5 Million - Publication date: 2024-10-01

Victim: | Group:

Cosmetic Dental Group

Ransomware Group:

Discovery Date: 2024-08-18 14:25

Sector: Healthcare

3.63 Tb - Revenue: <$5 Million - Publication date: 2024-09-18

Victim: | Group:

Banner and Associates

Ransomware Group:

Discovery Date: 2024-08-13 13:03

Sector: Not Found

full data base(1,5 TB) - Revenue: $7.6 Million - Publication date: 2024-09-20

Victim: | Group:

sgvfr.com

Ransomware Group:

Discovery Date: 2024-06-12 13:46

Sector: Financial Services

sgvfr.com - Revenue: 5kk - Publication date: 2024-06-30

Victim: | Group:

CBSTRAINING

Ransomware Group:

Discovery Date: 2024-06-12 09:57

Sector: Business Services

CBSTRAINING - Publication date: 2024-06-30

Victim: | Group:

filmetrics corporation

Ransomware Group:

Discovery Date: 2024-06-11 08:07

Estimated Attack Date: 2024-06-06

Sector: Technology

www.filmetrics.com.ph

Victim: | Group:

×

Infostealer information available for

Employees(s)	Customer(s)	Third Party Employee(s)

This information is provided by HudsonRock

×

/*
Trinity ransomware
*/


rule Trinity
{
    meta:
        author = "rivitna"
        family = "ransomware.trinity.windows"
        description = "Trinity ransomware Windows payload"
        severity = 10
        score = 100

    strings:
        $s0 = "\x00pbsecGOOD\x00" ascii
        $s1 = "\x00secpbGOOD\x00" ascii
        $s2 = "12210111111610599117115" ascii
        $s3 = "\x00OnlyCr :\x00" ascii
        $s4 = "\x00FullCr :\x00" ascii
        $s5 = "\x00enableOnlyTest \x00" ascii
        $s6 = "\x00EnableAutoStart \x00" ascii
        $s7 = "\x00enableSelfDelete \x00" ascii
        $s8 = "\x00enableStartOnRun \x00" ascii
        $s9 = "\x00enableWallaper \x00" ascii
        $s10 = "\x00enableNetwork \x00" ascii
        $s11 = "\x00enableCustomCMD1 \x00" ascii
        $s12 = "\x00enableFullEncrExt \x00" ascii
        $s13 = "\x00enableCryptOnlyExtension \x00" ascii
        $s14 = "\x00enableCryptOnlyExtension \x00" ascii
        $s15 = "\x00%s%x%x%x%x.goodgame\x00" wide

        $h0 = { B? 01 00 00 00 33 ?? 0F B6 [10] C1 E? 08 83 F? 18 72 EC }
        $h1 = { 00 6A 00 68 63 04 00 00 FF 35 [4] FF }

    condition:
        ((uint16(0) == 0x5A4D) and (uint32(uint32(0x3C)) == 0x00004550)) and
        (
            ((1 of ($h*)) and (4 of ($s*))) or
            (10 of them)
        )
}