Trigona Ransomware Indicators of Compromise

SHA256									DETECTION
8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376	Ransom.Win32.TRIGONA.YPDDZ
11b0e9673bbeb978aa9b95bcad43eb21bbe0bbaaf7e5a0e20d48b93d60204406	Ransom.Win32.TRIGONA.YXDDR
eda603f4d469d017917f5d6affeb992fdf3b7971e49868ece8c38fb8e6f8b444	Ransom.Win32.TRIGONA.YXDDR
c4529a061f205aaee46c219123d15059d2161df2bd7c7b738dd2a2c1ffd8d3ee	Ransom.Win32.TRIGONA.YXDDR
170fa5d29cdb562d41a054abf2a57ca29fc233805b59692a1a57ebf25449be7c	Ransom.Win32.TRIGONA.YXDDR
f29b948905449f330d2e5070d767d0dac4837d0b566eee28282dc78749083684	Ransom.Win32.TRIGONA.THABOBC
197f4933680a611ad2234a22769bd079885f81956221ec0de172d5a19eab648e	Ransom.Win32.TRIGONA.YXDDR
1017fcf607a329bb6ad046181c3656b686906a0767fff2a4a3c6c569c2a70a85	Ransom.Win32.TRIGONA.YXDDR
761b78ddab55b4e561607ce5ce9d424a7aec4f1994aad988f0612b096cdd1d6d	Ransom.Win32.TRIGONA.YXDDR
097d8edb1762d7d3ded4360a9f5b4673a898937421f36853d2f5cde77e1bac93	Ransom.Win32.TRIGONA.YXDDR
4a06231957c53dee1a11ff3eb84caad082f18761aee49e72d79c7f1d32884e34	Ransom.Win32.TRIGONA.YXDDR
fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b	Ransom.Win32.TRIGONA.YMDBJ


URL										DESCRIPTION
3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad[.]onion		Trigona TOR negotiation portal
hxxp://6n5tfadusp4sarzuxntz34q4ohspiaya2mc6aw6uhlusfqfsdomavyyd[.]onion		Trigona leak site
45.227.253[.]99									IP address associated with Trigona activity
45.227.253[.]106								IP address currently hosting Trigona leak site
45.227.253[.]98									IP address associated with Trigona activity
45.227.253[.]107								IP address associated with Trigona activity