Tropic Trooper spies on government entities in the Middle East

Sept. 5, 2024, 4:17 p.m.

Description

Tropic Trooper, a Chinese-speaking APT group active since 2011, has expanded its operations to target government entities in the Middle East. The group deployed a new variant of the China Chopper web shell on a compromised Umbraco CMS server, along with other post-exploitation tools and backdoor implants. The attackers used DLL search-order hijacking to load malicious payloads, including a loader called Crowdoor. The campaign focused on cyber espionage, targeting systems related to human rights studies in the region. This marks a strategic shift for Tropic Trooper, previously known for targeting Southeast Asian countries.

Date

Published: Sept. 5, 2024, 3:54 p.m.
Created: Sept. 5, 2024, 3:54 p.m.
Modified: Sept. 5, 2024, 4:17 p.m.

Indicators


Attack Patterns

China Chopper, ByPassGodzilla, Neo-reGeorg, Swor, Crowdoor, Tropic Trooper

MITRE ATT&CK techniques: T1505.003, T1589, T1543.003, T1588.002, T1059.003, T1059.001, T1547.001, T1574.001, T1021, T1016, T1082, T1057, T1105, T1083, T1055, T1036, T1033, T1027, T1566

Additional Information

Government

Malaysia