Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Tropic Trooper spies on government entities in the Middle East

Sept. 5, 2024, 4:17 p.m.

Description

Tropic Trooper, a Chinese-speaking APT group active since 2011, has expanded its operations to target government entities in the Middle East. The group deployed a new variant of the China Chopper web shell on a compromised Umbraco CMS server, along with other post-exploitation tools and backdoor implants. The attackers used DLL search-order hijacking to load malicious payloads, including a loader called Crowdoor. The campaign focused on cyber espionage, targeting systems related to human rights studies in the region. This marks a strategic shift for Tropic Trooper, previously known for targeting Southeast Asian countries.

Date

Published: Sept. 5, 2024, 3:54 p.m.

Created: Sept. 5, 2024, 3:54 p.m.

Modified: Sept. 5, 2024, 4:17 p.m.

Indicators

9ba6c63e29b26174e52a519c1afe7a4401e65485fd6ce6a2d574d910dd1d8d22

23dea3a74e3ff6a367754d02466db4c86ffda47efe09529d3aad52b0d5694b30

8df9fa495892fc3d183917162746ef8fd9e438ff0d639264236db553b09629dc

51.195.37.155

162.19.135.182

blog.techmersion.com

techmersion.com

Attack Patterns

China Chopper

ByPassGodzilla

Neo-reGeorg

Swor

Crowdoor

Tropic Trooper

T1505.003

T1589

T1543.003

T1588.002

T1059.003

T1059.001

T1547.001

T1574.001

T1021

T1016

T1082

T1057

T1105

T1083

T1055

T1036

T1033

T1027

T1566

Additional Informations

Government

Malaysia